diff --git a/src/backend/access/transam/xact.c b/src/backend/access/transam/xact.c
index d85e313908..102d0e1574 100644
--- a/src/backend/access/transam/xact.c
+++ b/src/backend/access/transam/xact.c
@@ -3043,6 +3043,9 @@ CommitTransactionCommand(void)
TransactionState s = CurrentTransactionState;
SavedTransactionCharacteristics savetc;
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
SaveTransactionCharacteristics(&savetc);
switch (s->blockState)
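Review bot: check_stack_depth() reports an over-deep stack by raising an error, and here that error is raised inside commit processing, just before `SaveTransactionCharacteristics(&savetc)` and the `switch (s->blockState)`. Whether abort handling can then unwind the same deeply nested transaction stack without recursing again is not visible in this hunk and should be confirmed, since otherwise the failure only moves to the error path. If the recursion is a tail call over parent transaction states (presumably so; the body continues outside the hunk), rewriting it as a loop would remove the depth limit rather than enforce it. The comment should also state the consequence, for example `/* errors out if transactions are nested too deeply */`.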
@@ -5500,6 +5503,9 @@ ShowTransactionStateRec(const char *str, TransactionState s)
{
StringInfoData buf;
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
initStringInfo(&buf);
if (s->nChildXids > 0)
diff --git a/src/backend/catalog/dependency.c b/src/backend/catalog/dependency.c
index 7acf654bf8..58a1d70b8a 100644
--- a/src/backend/catalog/dependency.c
+++ b/src/backend/catalog/dependency.c
@@ -76,6 +76,7 @@
#include "commands/trigger.h"
#include "commands/typecmds.h"
#include "funcapi.h"
+#include "miscadmin.h"
#include "nodes/nodeFuncs.h"
#include "parser/parsetree.h"
#include "rewrite/rewriteRemove.h"
@@ -524,6 +525,11 @@ findDependentObjects(const ObjectAddress *object,
if (stack_address_present_add_flags(object, objflags, stack))
return;
+ /* since this function recurses, it could be driven to stack overflow,
+ * because of the deep dependency tree, not only due to dependency loops.
+ */
+ check_stack_depth();
+
/*
* It's also possible that the target object has already been completely
* processed and put into targetObjects. If so, again we just add the
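Review bot: The comment added before `check_stack_depth()` starts its text on the `/*` line, while the existing block comment directly below it opens with a bare `/*`; the two should use the same layout. The wording would also be clearer as a bare `/*` line followed by ` * Since this function recurses, a deep dependency tree (not only a dependency loop) could drive it to stack overflow.` and a closing ` */`. The body of findDependentObjects continues outside the hunk.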
diff --git a/src/backend/catalog/heap.c b/src/backend/catalog/heap.c
index 4f006820b8..a88550913d 100644
--- a/src/backend/catalog/heap.c
+++ b/src/backend/catalog/heap.c
@@ -552,6 +552,9 @@ CheckAttributeType(const char *attname,
char att_typtype = get_typtype(atttypid);
Oid att_typelem;
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
if (att_typtype == TYPTYPE_PSEUDO)
{
/*
diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
index 7c697a285b..f22da79c65 100644
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@@ -6684,6 +6684,9 @@ ATExecAddColumn(List **wqueue, AlteredTableInfo *tab, Relation rel,
TupleDesc tupdesc;
FormData_pg_attribute *aattr[] = {&attribute};
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
/* At top level, permission check was done in ATPrepCmd, else do it */
if (recursing)
ATSimplePermissions((*cmd)->subtype, rel, ATT_TABLE | ATT_FOREIGN_TABLE);
@@ -8383,6 +8386,10 @@ ATExecDropColumn(List **wqueue, Relation rel, const char *colName,
/* Initialize addrs on the first invocation */
Assert(!recursing || addrs != NULL);
+
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
if (!recursing)
addrs = new_object_addresses();
@@ -10839,6 +10846,9 @@ ATExecAlterConstrRecurse(Constraint *cmdcon, Relation conrel, Relation tgrel,
Oid refrelid;
bool changed = false;
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
currcon = (Form_pg_constraint) GETSTRUCT(contuple);
conoid = currcon->oid;
refrelid = currcon->confrelid;
@@ -11839,6 +11849,9 @@ ATExecDropConstraint(Relation rel, const char *constrName,
bool is_no_inherit_constraint = false;
char contype;
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
/* At top level, permission check was done in ATPrepCmd, else do it */
if (recursing)
ATSimplePermissions(AT_DropConstraint, rel, ATT_TABLE | ATT_FOREIGN_TABLE);
diff --git a/src/backend/optimizer/util/clauses.c b/src/backend/optimizer/util/clauses.c
index aa584848cf..77a5eb526c 100644
--- a/src/backend/optimizer/util/clauses.c
+++ b/src/backend/optimizer/util/clauses.c
@@ -2318,6 +2318,10 @@ static Node *
eval_const_expressions_mutator(Node *node,
eval_const_expressions_context *context)
{
+
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
if (node == NULL)
return NULL;
switch (nodeTag(node))
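Review bot: The hunk leaves an empty line directly after the opening `{` of `eval_const_expressions_mutator`, and the check runs before the `node == NULL` test, so every NULL leaf pays for it even though that path returns without recursing. Drop the blank line and consider placing `check_stack_depth();` after `if (node == NULL) return NULL;`. The function body continues outside the hunk.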
diff --git a/src/backend/utils/adt/jsonpath_exec.c b/src/backend/utils/adt/jsonpath_exec.c
index b561f0e7e8..dc7ab387ea 100644
--- a/src/backend/utils/adt/jsonpath_exec.c
+++ b/src/backend/utils/adt/jsonpath_exec.c
@@ -1232,6 +1232,9 @@ executeBoolItem(JsonPathExecContext *cxt, JsonPathItem *jsp,
JsonPathBool res;
JsonPathBool res2;
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
if (!canHaveNext && jspHasNext(jsp))
elog(ERROR, "boolean jsonpath item cannot have next item");
diff --git a/src/backend/utils/mmgr/mcxt.c b/src/backend/utils/mmgr/mcxt.c
index 0b00802df7..cc06c00a49 100644
--- a/src/backend/utils/mmgr/mcxt.c
+++ b/src/backend/utils/mmgr/mcxt.c
@@ -392,6 +392,9 @@ MemoryContextDelete(MemoryContext context)
/* And not CurrentMemoryContext, either */
Assert(context != CurrentMemoryContext);
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
/* save a function call in common case where there are no children */
if (context->firstchild != NULL)
MemoryContextDeleteChildren(context);
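Review bot: Raising an error from `MemoryContextDelete` is risky because context deletion is typically part of cleanup, including cleanup that runs while another error is already being handled. check_stack_depth() signals failure by throwing, so a deep context tree could make the cleanup itself fail and leave the tree partly deleted. The same concern applies to the checks added in `MemoryContextStatsInternal` (statistics may be requested while an out-of-memory condition is being reported) and in `MemoryContextCheck`. A safer direction is to walk the children iteratively in these three functions so that no depth limit is needed; `MemoryContextStatsInternal` already carries a `level` argument, so stopping descent past a fixed level is an alternative there. The function bodies continue outside the hunks, so the callers that would see this error should be checked before merging.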
@@ -750,6 +753,9 @@ MemoryContextStatsInternal(MemoryContext context, int level,
Assert(MemoryContextIsValid(context));
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
/* Examine the context itself */
context->methods->stats(context,
print ? MemoryContextStatsPrint : NULL,
@@ -915,6 +921,9 @@ MemoryContextCheck(MemoryContext context)
Assert(MemoryContextIsValid(context));
+ /* since this function recurses, it could be driven to stack overflow */
+ check_stack_depth();
+
context->methods->check(context);
for (child = context->firstchild; child != NULL; child = child->nextchild)
MemoryContextCheck(child);
Hello! Continuing this topic, I would like to suggest a solution.
This patch adds several checks to the vulnerable functions above.
