stack__depth_8c_source.html

/*-------------------------------------------------------------------------

 *

 * stack_depth.c

 *    Functions for monitoring and limiting process stack depth

 *

 * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group

 * Portions Copyright (c) 1994, Regents of the University of California

 *

 *

 * IDENTIFICATION

 *    src/backend/utils/misc/stack_depth.c

 *

 *-------------------------------------------------------------------------

 */


#include "postgres.h"


#include <limits.h>

#include <sys/resource.h>


#include "miscadmin.h"

#include "utils/guc_hooks.h"


/* GUC variable for maximum stack depth (measured in kilobytes) */

int         max_stack_depth = 100;


/* max_stack_depth converted to bytes for speed of checking */

static ssize_t max_stack_depth_bytes = 100 * (ssize_t) 1024;


/*

 * Stack base pointer -- initialized by set_stack_base(), which

 * should be called from main().

 */

static char *stack_base_ptr = NULL;


/*

 * set_stack_base: set up reference point for stack depth checking

 *

 * Returns the old reference point, if any.

 */

pg_stack_base_t


set_stack_base(void)

{

#ifndef HAVE__BUILTIN_FRAME_ADDRESS

    char        stack_base;

#endif

    pg_stack_base_t old;


    old = stack_base_ptr;


    /*

     * Set up reference point for stack depth checking.  On recent gcc we use

     * __builtin_frame_address() to avoid a warning about storing a local

     * variable's address in a long-lived variable.  This is also important

     * with address sanitizer, see comment in stack_is_too_deep().

     */

#ifdef HAVE__BUILTIN_FRAME_ADDRESS

    stack_base_ptr = __builtin_frame_address(0);

#else

    stack_base_ptr = &stack_base;

#endif


    return old;

}


/*

 * restore_stack_base: restore reference point for stack depth checking

 *

 * This can be used after set_stack_base() to restore the old value. This

 * is currently only used in PL/Java. When PL/Java calls a backend function

 * from different thread, the thread's stack is at a different location than

 * the main thread's stack, so it sets the base pointer before the call, and

 * restores it afterwards.

 */

void


restore_stack_base(pg_stack_base_t base)

{

    stack_base_ptr = base;

}


/*

 * check_stack_depth/stack_is_too_deep: check for excessively deep recursion

 *

 * This should be called someplace in any recursive routine that might possibly

 * recurse deep enough to overflow the stack.  Most Unixen treat stack

 * overflow as an unrecoverable SIGSEGV, so we want to error out ourselves

 * before hitting the hardware limit.

 *

 * check_stack_depth() just throws an error summarily.  stack_is_too_deep()

 * can be used by code that wants to handle the error condition itself.

 */

void


check_stack_depth(void)

{

    if (stack_is_too_deep())

    {

        ereport(ERROR,

                (errcode(ERRCODE_STATEMENT_TOO_COMPLEX),

                 errmsg("stack depth limit exceeded"),

                 errhint("Increase the configuration parameter \"max_stack_depth\" (currently %dkB), "

                         "after ensuring the platform's stack depth limit is adequate.",

                         max_stack_depth)));

    }

}


bool


stack_is_too_deep(void)

{

#ifndef HAVE__BUILTIN_FRAME_ADDRESS

    char        stack_top_loc;

#endif

    ssize_t     stack_depth;

    char       *stack_address;


    /*

     * With address sanitizer's stack-use-after-return check, stack variables

     * are moved to heap allocations, to allow to detect references to the

     * memory at a later time. That would break our stack-depth check. Luckily

     * __builtin_frame_address() works correctly, even under asan.

     */

#ifndef HAVE__BUILTIN_FRAME_ADDRESS

    stack_address = &stack_top_loc;

#else

    stack_address = (char *) __builtin_frame_address(0);

#endif


    /*

     * Compute distance from reference point to my stack frame.

     */

    stack_depth = (ssize_t) (stack_base_ptr - stack_address);


    /*

     * Take abs value, since stacks grow up on some machines, down on others

     */

    if (stack_depth < 0)

        stack_depth = -stack_depth;


    /*

     * Trouble?

     *

     * The test on stack_base_ptr prevents us from erroring out if called

     * before that's been set.  Logically it should be done first, but putting

     * it last avoids wasting cycles during normal cases.

     */

    if (stack_depth > max_stack_depth_bytes &&

        stack_base_ptr != NULL)

        return true;


    return false;

}


/* GUC check hook for max_stack_depth */

bool


check_max_stack_depth(int *newval, void **extra, GucSource source)

{

    ssize_t     newval_bytes = *newval * (ssize_t) 1024;

    ssize_t     stack_rlimit = get_stack_depth_rlimit();


    if (stack_rlimit > 0 && newval_bytes > stack_rlimit - STACK_DEPTH_SLOP)

    {

        GUC_check_errdetail("\"max_stack_depth\" must not exceed %zdkB.",

                            (stack_rlimit - STACK_DEPTH_SLOP) / 1024);

        GUC_check_errhint("Increase the platform's stack depth limit via \"ulimit -s\" or local equivalent.");

        return false;

    }

    return true;

}


/* GUC assign hook for max_stack_depth */

void


assign_max_stack_depth(int newval, void *extra)

{

    ssize_t     newval_bytes = newval * (ssize_t) 1024;


    max_stack_depth_bytes = newval_bytes;

}


/*

 * Obtain platform stack depth limit (in bytes)

 *

 * Return -1 if unknown

 *

 * Note: we choose to use ssize_t not size_t as the result type because

 * callers compute values that could theoretically go negative,

 * such as "result - STACK_DEPTH_SLOP".

 */

ssize_t


get_stack_depth_rlimit(void)

{

#if defined(HAVE_GETRLIMIT)

    static ssize_t val = 0;


    /* This won't change after process launch, so check just once */

    if (val == 0)

    {

        struct rlimit rlim;


        if (getrlimit(RLIMIT_STACK, &rlim) < 0)

            val = -1;

        else if (rlim.rlim_cur == RLIM_INFINITY)

            val = SSIZE_MAX;

        /* rlim_cur is probably of an unsigned type, so check for overflow */

        else if (rlim.rlim_cur >= SSIZE_MAX)

            val = SSIZE_MAX;

        else

            val = rlim.rlim_cur;

    }

    return val;

#else

    /* On Windows we set the backend stack size in src/backend/Makefile */

    return WIN32_STACK_RLIMIT;

#endif

}


errcode
int errcode(int sqlerrcode)
Definition elog.c:875

errhint
int errhint(const char *fmt,...) pg_attribute_printf(1

ERROR
#define ERROR
Definition elog.h:40

ereport
#define ereport(elevel,...)
Definition elog.h:152

newval
#define newval

GUC_check_errdetail
#define GUC_check_errdetail
Definition guc.h:507

GucSource
GucSource
Definition guc.h:112

GUC_check_errhint
#define GUC_check_errhint
Definition guc.h:511

guc_hooks.h

val
long val
Definition informix.c:689

miscadmin.h

STACK_DEPTH_SLOP
#define STACK_DEPTH_SLOP
Definition miscadmin.h:300

pg_stack_base_t
char * pg_stack_base_t
Definition miscadmin.h:302

errmsg
static char * errmsg
Definition oauth_hook_client.c:61

source
static rewind_source * source
Definition pg_rewind.c:89

postgres.h

fb
static int fb(int x)
Definition preproc-init.c:92

resource.h

restore_stack_base
void restore_stack_base(pg_stack_base_t base)
Definition stack_depth.c:78

max_stack_depth
int max_stack_depth
Definition stack_depth.c:26

get_stack_depth_rlimit
ssize_t get_stack_depth_rlimit(void)
Definition stack_depth.c:192

check_max_stack_depth
bool check_max_stack_depth(int *newval, void **extra, GucSource source)
Definition stack_depth.c:158

stack_is_too_deep
bool stack_is_too_deep(void)
Definition stack_depth.c:110

assign_max_stack_depth
void assign_max_stack_depth(int newval, void *extra)
Definition stack_depth.c:175

stack_base_ptr
static char * stack_base_ptr
Definition stack_depth.c:35

max_stack_depth_bytes
static ssize_t max_stack_depth_bytes
Definition stack_depth.c:29

check_stack_depth
void check_stack_depth(void)
Definition stack_depth.c:96

set_stack_base
pg_stack_base_t set_stack_base(void)
Definition stack_depth.c:44