On 3/2/23 14:56, Tom Lane wrote: > Jacob Champion <jchamp...@timescale.com> writes: >> If I've understood Tom correctly in [1], both of these guc_mallocs >> should be using a loglevel less than ERROR, to avoid forcing a >> postmaster exit when out of memory. (I used WARNING in that thread >> instead, which seemed to be acceptable.) > > Actually, preferred practice is as seen in e.g. check_datestyle: > > myextra = (int *) guc_malloc(LOG, 2 * sizeof(int)); > if (!myextra) > return false; > myextra[0] = newDateStyle; > myextra[1] = newDateOrder; > *extra = (void *) myextra; > > which gives the guc.c functions an opportunity to manage the > failure.
Ah, thanks for the correction. (My guc_strdup(WARNING, ...) calls may need to be cleaned up too, then.) --Jacob
