LCOV - code coverage report
Current view: top level - src/backend/access/transam - xlogreader.c (source / functions) Coverage Total Hit
Test: PostgreSQL 20devel Lines: 79.4 % 737 585
Test Date: 2026-07-07 08:15:41 Functions: 96.6 % 29 28
Legend: Lines:     hit not hit
Branches: + taken - not taken # not executed
Branches: 73.8 % 412 304

             Branch data     Line data    Source code
       1                 :             : /*-------------------------------------------------------------------------
       2                 :             :  *
       3                 :             :  * xlogreader.c
       4                 :             :  *      Generic XLog reading facility
       5                 :             :  *
       6                 :             :  * Portions Copyright (c) 2013-2026, PostgreSQL Global Development Group
       7                 :             :  *
       8                 :             :  * IDENTIFICATION
       9                 :             :  *      src/backend/access/transam/xlogreader.c
      10                 :             :  *
      11                 :             :  * NOTES
      12                 :             :  *      See xlogreader.h for more notes on this facility.
      13                 :             :  *
      14                 :             :  *      This file is compiled as both front-end and backend code, so it
      15                 :             :  *      may not use ereport, server-defined static variables, etc.
      16                 :             :  *-------------------------------------------------------------------------
      17                 :             :  */
      18                 :             : #include "postgres.h"
      19                 :             : 
      20                 :             : #include <unistd.h>
      21                 :             : #ifdef USE_LZ4
      22                 :             : #include <lz4.h>
      23                 :             : #endif
      24                 :             : #ifdef USE_ZSTD
      25                 :             : #include <zstd.h>
      26                 :             : #endif
      27                 :             : 
      28                 :             : #include "access/transam.h"
      29                 :             : #include "access/xlog_internal.h"
      30                 :             : #include "access/xlogreader.h"
      31                 :             : #include "access/xlogrecord.h"
      32                 :             : #include "catalog/pg_control.h"
      33                 :             : #include "common/pg_lzcompress.h"
      34                 :             : #include "replication/origin.h"
      35                 :             : 
      36                 :             : #ifndef FRONTEND
      37                 :             : #include "pgstat.h"
      38                 :             : #include "storage/bufmgr.h"
      39                 :             : #include "utils/wait_event.h"
      40                 :             : #else
      41                 :             : #include "common/logging.h"
      42                 :             : #endif
      43                 :             : 
      44                 :             : static void report_invalid_record(XLogReaderState *state, const char *fmt, ...)
      45                 :             :             pg_attribute_printf(2, 3);
      46                 :             : static void allocate_recordbuf(XLogReaderState *state, uint32 reclength);
      47                 :             : static int  ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr,
      48                 :             :                              int reqLen);
      49                 :             : static void XLogReaderInvalReadState(XLogReaderState *state);
      50                 :             : static XLogPageReadResult XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking);
      51                 :             : static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
      52                 :             :                                   XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess);
      53                 :             : static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record,
      54                 :             :                             XLogRecPtr recptr);
      55                 :             : static void ResetDecoder(XLogReaderState *state);
      56                 :             : static void WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
      57                 :             :                                int segsize, const char *waldir);
      58                 :             : 
      59                 :             : /* size of the buffer allocated for error message. */
      60                 :             : #define MAX_ERRORMSG_LEN 1000
      61                 :             : 
      62                 :             : /*
      63                 :             :  * Default size; large enough that typical users of XLogReader won't often need
      64                 :             :  * to use the 'oversized' memory allocation code path.
      65                 :             :  */
      66                 :             : #define DEFAULT_DECODE_BUFFER_SIZE (64 * 1024)
      67                 :             : 
      68                 :             : /*
      69                 :             :  * Construct a string in state->errormsg_buf explaining what's wrong with
      70                 :             :  * the current record being read.
      71                 :             :  */
      72                 :             : static void
      73                 :         310 : report_invalid_record(XLogReaderState *state, const char *fmt, ...)
      74                 :             : {
      75                 :             :     va_list     args;
      76                 :             : 
      77                 :         310 :     fmt = _(fmt);
      78                 :             : 
      79                 :         310 :     va_start(args, fmt);
      80                 :         310 :     vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
      81                 :         310 :     va_end(args);
      82                 :             : 
      83                 :         310 :     state->errormsg_deferred = true;
      84                 :         310 : }
      85                 :             : 
      86                 :             : /*
      87                 :             :  * Set the size of the decoding buffer.  A pointer to a caller supplied memory
      88                 :             :  * region may also be passed in, in which case non-oversized records will be
      89                 :             :  * decoded there.
      90                 :             :  */
      91                 :             : void
      92                 :        1089 : XLogReaderSetDecodeBuffer(XLogReaderState *state, void *buffer, size_t size)
      93                 :             : {
      94                 :             :     Assert(state->decode_buffer == NULL);
      95                 :             : 
      96                 :        1089 :     state->decode_buffer = buffer;
      97                 :        1089 :     state->decode_buffer_size = size;
      98                 :        1089 :     state->decode_buffer_tail = buffer;
      99                 :        1089 :     state->decode_buffer_head = buffer;
     100                 :        1089 : }
     101                 :             : 
     102                 :             : /*
     103                 :             :  * Allocate and initialize a new XLogReader.
     104                 :             :  *
     105                 :             :  * Returns NULL if the xlogreader couldn't be allocated.
     106                 :             :  */
     107                 :             : XLogReaderState *
     108                 :        2986 : XLogReaderAllocate(int wal_segment_size, const char *waldir,
     109                 :             :                    XLogReaderRoutine *routine, void *private_data)
     110                 :             : {
     111                 :             :     XLogReaderState *state;
     112                 :             : 
     113                 :             :     state = (XLogReaderState *)
     114                 :        2986 :         palloc_extended(sizeof(XLogReaderState),
     115                 :             :                         MCXT_ALLOC_NO_OOM | MCXT_ALLOC_ZERO);
     116         [ -  + ]:        2986 :     if (!state)
     117                 :           0 :         return NULL;
     118                 :             : 
     119                 :             :     /* initialize caller-provided support functions */
     120                 :        2986 :     state->routine = *routine;
     121                 :             : 
     122                 :             :     /*
     123                 :             :      * Permanently allocate readBuf.  We do it this way, rather than just
     124                 :             :      * making a static array, for two reasons: (1) no need to waste the
     125                 :             :      * storage in most instantiations of the backend; (2) a static char array
     126                 :             :      * isn't guaranteed to have any particular alignment, whereas
     127                 :             :      * palloc_extended() will provide MAXALIGN'd storage.
     128                 :             :      */
     129                 :        2986 :     state->readBuf = (char *) palloc_extended(XLOG_BLCKSZ,
     130                 :             :                                               MCXT_ALLOC_NO_OOM);
     131         [ -  + ]:        2986 :     if (!state->readBuf)
     132                 :             :     {
     133                 :           0 :         pfree(state);
     134                 :           0 :         return NULL;
     135                 :             :     }
     136                 :             : 
     137                 :             :     /* Initialize segment info. */
     138                 :        2986 :     WALOpenSegmentInit(&state->seg, &state->segcxt, wal_segment_size,
     139                 :             :                        waldir);
     140                 :             : 
     141                 :             :     /* system_identifier initialized to zeroes above */
     142                 :        2986 :     state->private_data = private_data;
     143                 :             :     /* ReadRecPtr, EndRecPtr and readLen initialized to zeroes above */
     144                 :        2986 :     state->errormsg_buf = palloc_extended(MAX_ERRORMSG_LEN + 1,
     145                 :             :                                           MCXT_ALLOC_NO_OOM);
     146         [ -  + ]:        2986 :     if (!state->errormsg_buf)
     147                 :             :     {
     148                 :           0 :         pfree(state->readBuf);
     149                 :           0 :         pfree(state);
     150                 :           0 :         return NULL;
     151                 :             :     }
     152                 :        2986 :     state->errormsg_buf[0] = '\0';
     153                 :             : 
     154                 :             :     /*
     155                 :             :      * Allocate an initial readRecordBuf of minimal size, which can later be
     156                 :             :      * enlarged if necessary.
     157                 :             :      */
     158                 :        2986 :     allocate_recordbuf(state, 0);
     159                 :        2986 :     return state;
     160                 :             : }
     161                 :             : 
     162                 :             : void
     163                 :        2373 : XLogReaderFree(XLogReaderState *state)
     164                 :             : {
     165         [ +  + ]:        2373 :     if (state->seg.ws_file != -1)
     166                 :        1303 :         state->routine.segment_close(state);
     167                 :             : 
     168   [ +  +  +  - ]:        2373 :     if (state->decode_buffer && state->free_decode_buffer)
     169                 :        2322 :         pfree(state->decode_buffer);
     170                 :             : 
     171                 :        2373 :     pfree(state->errormsg_buf);
     172         [ +  - ]:        2373 :     if (state->readRecordBuf)
     173                 :        2373 :         pfree(state->readRecordBuf);
     174                 :        2373 :     pfree(state->readBuf);
     175                 :        2373 :     pfree(state);
     176                 :        2373 : }
     177                 :             : 
     178                 :             : /*
     179                 :             :  * Allocate readRecordBuf to fit a record of at least the given length.
     180                 :             :  *
     181                 :             :  * readRecordBufSize is set to the new buffer size.
     182                 :             :  *
     183                 :             :  * To avoid useless small increases, round its size to a multiple of
     184                 :             :  * XLOG_BLCKSZ, and make sure it's at least 5*Max(BLCKSZ, XLOG_BLCKSZ) to start
     185                 :             :  * with.  (That is enough for all "normal" records, but very large commit or
     186                 :             :  * abort records might need more space.)
     187                 :             :  *
     188                 :             :  * Note: This routine should *never* be called for xl_tot_len until the header
     189                 :             :  * of the record has been fully validated.
     190                 :             :  */
     191                 :             : static void
     192                 :        3015 : allocate_recordbuf(XLogReaderState *state, uint32 reclength)
     193                 :             : {
     194                 :        3015 :     uint32      newSize = reclength;
     195                 :             : 
     196                 :        3015 :     newSize += XLOG_BLCKSZ - (newSize % XLOG_BLCKSZ);
     197                 :        3015 :     newSize = Max(newSize, 5 * Max(BLCKSZ, XLOG_BLCKSZ));
     198                 :             : 
     199         [ +  + ]:        3015 :     if (state->readRecordBuf)
     200                 :          29 :         pfree(state->readRecordBuf);
     201                 :        3015 :     state->readRecordBuf = (char *) palloc(newSize);
     202                 :        3015 :     state->readRecordBufSize = newSize;
     203                 :        3015 : }
     204                 :             : 
     205                 :             : /*
     206                 :             :  * Initialize the passed segment structs.
     207                 :             :  */
     208                 :             : static void
     209                 :        2986 : WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
     210                 :             :                    int segsize, const char *waldir)
     211                 :             : {
     212                 :        2986 :     seg->ws_file = -1;
     213                 :        2986 :     seg->ws_segno = 0;
     214                 :        2986 :     seg->ws_tli = 0;
     215                 :             : 
     216                 :        2986 :     segcxt->ws_segsize = segsize;
     217         [ -  + ]:        2986 :     if (waldir)
     218                 :           0 :         snprintf(segcxt->ws_dir, MAXPGPATH, "%s", waldir);
     219                 :        2986 : }
     220                 :             : 
     221                 :             : /*
     222                 :             :  * Begin reading WAL at 'RecPtr'.
     223                 :             :  *
     224                 :             :  * 'RecPtr' should point to the beginning of a valid WAL record.  Pointing at
     225                 :             :  * the beginning of a page is also OK, if there is a new record right after
     226                 :             :  * the page header, i.e. not a continuation.
     227                 :             :  *
     228                 :             :  * This does not make any attempt to read the WAL yet, and hence cannot fail.
     229                 :             :  * If the starting address is not correct, the first call to XLogReadRecord()
     230                 :             :  * will error out.
     231                 :             :  */
     232                 :             : void
     233                 :        3982 : XLogBeginRead(XLogReaderState *state, XLogRecPtr RecPtr)
     234                 :             : {
     235                 :             :     Assert(XLogRecPtrIsValid(RecPtr));
     236                 :             : 
     237                 :        3982 :     ResetDecoder(state);
     238                 :             : 
     239                 :             :     /* Begin at the passed-in record pointer. */
     240                 :        3982 :     state->EndRecPtr = RecPtr;
     241                 :        3982 :     state->NextRecPtr = RecPtr;
     242                 :        3982 :     state->ReadRecPtr = InvalidXLogRecPtr;
     243                 :        3982 :     state->DecodeRecPtr = InvalidXLogRecPtr;
     244                 :        3982 : }
     245                 :             : 
     246                 :             : /*
     247                 :             :  * Release the last record that was returned by XLogNextRecord(), if any, to
     248                 :             :  * free up space.  Returns the LSN past the end of the record.
     249                 :             :  */
     250                 :             : XLogRecPtr
     251                 :    10128718 : XLogReleasePreviousRecord(XLogReaderState *state)
     252                 :             : {
     253                 :             :     DecodedXLogRecord *record;
     254                 :             :     XLogRecPtr  next_lsn;
     255                 :             : 
     256         [ +  + ]:    10128718 :     if (!state->record)
     257                 :     5071533 :         return InvalidXLogRecPtr;
     258                 :             : 
     259                 :             :     /*
     260                 :             :      * Remove it from the decoded record queue.  It must be the oldest item
     261                 :             :      * decoded, decode_queue_head.
     262                 :             :      */
     263                 :     5057185 :     record = state->record;
     264                 :     5057185 :     next_lsn = record->next_lsn;
     265                 :             :     Assert(record == state->decode_queue_head);
     266                 :     5057185 :     state->record = NULL;
     267                 :     5057185 :     state->decode_queue_head = record->next;
     268                 :             : 
     269                 :             :     /* It might also be the newest item decoded, decode_queue_tail. */
     270         [ +  + ]:     5057185 :     if (state->decode_queue_tail == record)
     271                 :     2124348 :         state->decode_queue_tail = NULL;
     272                 :             : 
     273                 :             :     /* Release the space. */
     274         [ +  + ]:     5057185 :     if (unlikely(record->oversized))
     275                 :             :     {
     276                 :             :         /* It's not in the decode buffer, so free it to release space. */
     277                 :          45 :         pfree(record);
     278                 :             :     }
     279                 :             :     else
     280                 :             :     {
     281                 :             :         /* It must be the head (oldest) record in the decode buffer. */
     282                 :             :         Assert(state->decode_buffer_head == (char *) record);
     283                 :             : 
     284                 :             :         /*
     285                 :             :          * We need to update head to point to the next record that is in the
     286                 :             :          * decode buffer, if any, being careful to skip oversized ones
     287                 :             :          * (they're not in the decode buffer).
     288                 :             :          */
     289                 :     5057140 :         record = record->next;
     290   [ +  +  -  +  :     5057140 :         while (unlikely(record && record->oversized))
                   -  + ]
     291                 :           0 :             record = record->next;
     292                 :             : 
     293         [ +  + ]:     5057140 :         if (record)
     294                 :             :         {
     295                 :             :             /* Adjust head to release space up to the next record. */
     296                 :     2932837 :             state->decode_buffer_head = (char *) record;
     297                 :             :         }
     298                 :             :         else
     299                 :             :         {
     300                 :             :             /*
     301                 :             :              * Otherwise we might as well just reset head and tail to the
     302                 :             :              * start of the buffer space, because we're empty.  This means
     303                 :             :              * we'll keep overwriting the same piece of memory if we're not
     304                 :             :              * doing any prefetching.
     305                 :             :              */
     306                 :     2124303 :             state->decode_buffer_head = state->decode_buffer;
     307                 :     2124303 :             state->decode_buffer_tail = state->decode_buffer;
     308                 :             :         }
     309                 :             :     }
     310                 :             : 
     311                 :     5057185 :     return next_lsn;
     312                 :             : }
     313                 :             : 
     314                 :             : /*
     315                 :             :  * Attempt to read an XLOG record.
     316                 :             :  *
     317                 :             :  * XLogBeginRead() or XLogFindNextRecord() and then XLogReadAhead() must be
     318                 :             :  * called before the first call to XLogNextRecord().  This functions returns
     319                 :             :  * records and errors that were put into an internal queue by XLogReadAhead().
     320                 :             :  *
     321                 :             :  * On success, a record is returned.
     322                 :             :  *
     323                 :             :  * The returned record (or *errormsg) points to an internal buffer that's
     324                 :             :  * valid until the next call to XLogNextRecord.
     325                 :             :  */
     326                 :             : DecodedXLogRecord *
     327                 :     5064226 : XLogNextRecord(XLogReaderState *state, char **errormsg)
     328                 :             : {
     329                 :             :     /* Release the last record returned by XLogNextRecord(). */
     330                 :     5064226 :     XLogReleasePreviousRecord(state);
     331                 :             : 
     332         [ +  + ]:     5064226 :     if (state->decode_queue_head == NULL)
     333                 :             :     {
     334                 :        3714 :         *errormsg = NULL;
     335         [ +  + ]:        3714 :         if (state->errormsg_deferred)
     336                 :             :         {
     337         [ +  + ]:         308 :             if (state->errormsg_buf[0] != '\0')
     338                 :         305 :                 *errormsg = state->errormsg_buf;
     339                 :         308 :             state->errormsg_deferred = false;
     340                 :             :         }
     341                 :             : 
     342                 :             :         /*
     343                 :             :          * state->EndRecPtr is expected to have been set by the last call to
     344                 :             :          * XLogBeginRead() or XLogNextRecord(), and is the location of the
     345                 :             :          * error.
     346                 :             :          */
     347                 :             :         Assert(XLogRecPtrIsValid(state->EndRecPtr));
     348                 :             : 
     349                 :        3714 :         return NULL;
     350                 :             :     }
     351                 :             : 
     352                 :             :     /*
     353                 :             :      * Record this as the most recent record returned, so that we'll release
     354                 :             :      * it next time.  This also exposes it to the traditional
     355                 :             :      * XLogRecXXX(xlogreader) macros, which work with the decoder rather than
     356                 :             :      * the record for historical reasons.
     357                 :             :      */
     358                 :     5060512 :     state->record = state->decode_queue_head;
     359                 :             : 
     360                 :             :     /*
     361                 :             :      * Update the pointers to the beginning and one-past-the-end of this
     362                 :             :      * record, again for the benefit of historical code that expected the
     363                 :             :      * decoder to track this rather than accessing these fields of the record
     364                 :             :      * itself.
     365                 :             :      */
     366                 :     5060512 :     state->ReadRecPtr = state->record->lsn;
     367                 :     5060512 :     state->EndRecPtr = state->record->next_lsn;
     368                 :             : 
     369                 :     5060512 :     *errormsg = NULL;
     370                 :             : 
     371                 :     5060512 :     return state->record;
     372                 :             : }
     373                 :             : 
     374                 :             : /*
     375                 :             :  * Attempt to read an XLOG record.
     376                 :             :  *
     377                 :             :  * XLogBeginRead() or XLogFindNextRecord() must be called before the first call
     378                 :             :  * to XLogReadRecord().
     379                 :             :  *
     380                 :             :  * If the page_read callback fails to read the requested data, NULL is
     381                 :             :  * returned.  The callback is expected to have reported the error; errormsg
     382                 :             :  * is set to NULL.
     383                 :             :  *
     384                 :             :  * If the reading fails for some other reason, NULL is also returned, and
     385                 :             :  * *errormsg is set to a string with details of the failure.
     386                 :             :  *
     387                 :             :  * The returned pointer (or *errormsg) points to an internal buffer that's
     388                 :             :  * valid until the next call to XLogReadRecord.
     389                 :             :  */
     390                 :             : XLogRecord *
     391                 :     2097228 : XLogReadRecord(XLogReaderState *state, char **errormsg)
     392                 :             : {
     393                 :             :     DecodedXLogRecord *decoded;
     394                 :             : 
     395                 :             :     /*
     396                 :             :      * Release last returned record, if there is one.  We need to do this so
     397                 :             :      * that we can check for empty decode queue accurately.
     398                 :             :      */
     399                 :     2097228 :     XLogReleasePreviousRecord(state);
     400                 :             : 
     401                 :             :     /*
     402                 :             :      * Call XLogReadAhead() in blocking mode to make sure there is something
     403                 :             :      * in the queue, though we don't use the result.
     404                 :             :      */
     405         [ +  - ]:     2097228 :     if (!XLogReaderHasQueuedRecordOrError(state))
     406                 :     2097228 :         XLogReadAhead(state, false /* nonblocking */ );
     407                 :             : 
     408                 :             :     /* Consume the head record or error. */
     409                 :     2097025 :     decoded = XLogNextRecord(state, errormsg);
     410         [ +  + ]:     2097025 :     if (decoded)
     411                 :             :     {
     412                 :             :         /*
     413                 :             :          * This function returns a pointer to the record's header, not the
     414                 :             :          * actual decoded record.  The caller will access the decoded record
     415                 :             :          * through the XLogRecGetXXX() macros, which reach the decoded
     416                 :             :          * recorded as xlogreader->record.
     417                 :             :          */
     418                 :             :         Assert(state->record == decoded);
     419                 :     2093643 :         return &decoded->header;
     420                 :             :     }
     421                 :             : 
     422                 :        3382 :     return NULL;
     423                 :             : }
     424                 :             : 
     425                 :             : /*
     426                 :             :  * Allocate space for a decoded record.  The only member of the returned
     427                 :             :  * object that is initialized is the 'oversized' flag, indicating that the
     428                 :             :  * decoded record wouldn't fit in the decode buffer and must eventually be
     429                 :             :  * freed explicitly.
     430                 :             :  *
     431                 :             :  * The caller is responsible for adjusting decode_buffer_tail with the real
     432                 :             :  * size after successfully decoding a record into this space.  This way, if
     433                 :             :  * decoding fails, then there is nothing to undo unless the 'oversized' flag
     434                 :             :  * was set and pfree() must be called.
     435                 :             :  *
     436                 :             :  * Return NULL if there is no space in the decode buffer and allow_oversized
     437                 :             :  * is false, or if memory allocation fails for an oversized buffer.
     438                 :             :  */
     439                 :             : static DecodedXLogRecord *
     440                 :     5067723 : XLogReadRecordAlloc(XLogReaderState *state, size_t xl_tot_len, bool allow_oversized)
     441                 :             : {
     442                 :     5067723 :     size_t      required_space = DecodeXLogRecordRequiredSpace(xl_tot_len);
     443                 :     5067723 :     DecodedXLogRecord *decoded = NULL;
     444                 :             : 
     445                 :             :     /* Allocate a circular decode buffer if we don't have one already. */
     446         [ +  + ]:     5067723 :     if (unlikely(state->decode_buffer == NULL))
     447                 :             :     {
     448         [ +  + ]:        2632 :         if (state->decode_buffer_size == 0)
     449                 :        1544 :             state->decode_buffer_size = DEFAULT_DECODE_BUFFER_SIZE;
     450                 :        2632 :         state->decode_buffer = palloc(state->decode_buffer_size);
     451                 :        2632 :         state->decode_buffer_head = state->decode_buffer;
     452                 :        2632 :         state->decode_buffer_tail = state->decode_buffer;
     453                 :        2632 :         state->free_decode_buffer = true;
     454                 :             :     }
     455                 :             : 
     456                 :             :     /* Try to allocate space in the circular decode buffer. */
     457         [ +  + ]:     5067723 :     if (state->decode_buffer_tail >= state->decode_buffer_head)
     458                 :             :     {
     459                 :             :         /* Empty, or tail is to the right of head. */
     460                 :     4128309 :         if (required_space <=
     461                 :     4128309 :             state->decode_buffer_size -
     462         [ +  + ]:     4128309 :             (state->decode_buffer_tail - state->decode_buffer))
     463                 :             :         {
     464                 :             :             /*-
     465                 :             :              * There is space between tail and end.
     466                 :             :              *
     467                 :             :              * +-----+--------------------+-----+
     468                 :             :              * |     |////////////////////|here!|
     469                 :             :              * +-----+--------------------+-----+
     470                 :             :              *       ^                    ^
     471                 :             :              *       |                    |
     472                 :             :              *       h                    t
     473                 :             :              */
     474                 :     4108700 :             decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
     475                 :     4108700 :             decoded->oversized = false;
     476                 :     4108700 :             return decoded;
     477                 :             :         }
     478                 :       19609 :         else if (required_space <
     479         [ +  + ]:       19609 :                  state->decode_buffer_head - state->decode_buffer)
     480                 :             :         {
     481                 :             :             /*-
     482                 :             :              * There is space between start and head.
     483                 :             :              *
     484                 :             :              * +-----+--------------------+-----+
     485                 :             :              * |here!|////////////////////|     |
     486                 :             :              * +-----+--------------------+-----+
     487                 :             :              *       ^                    ^
     488                 :             :              *       |                    |
     489                 :             :              *       h                    t
     490                 :             :              */
     491                 :       17167 :             decoded = (DecodedXLogRecord *) state->decode_buffer;
     492                 :       17167 :             decoded->oversized = false;
     493                 :       17167 :             return decoded;
     494                 :             :         }
     495                 :             :     }
     496                 :             :     else
     497                 :             :     {
     498                 :             :         /* Tail is to the left of head. */
     499                 :      939414 :         if (required_space <
     500         [ +  + ]:      939414 :             state->decode_buffer_head - state->decode_buffer_tail)
     501                 :             :         {
     502                 :             :             /*-
     503                 :             :              * There is space between tail and head.
     504                 :             :              *
     505                 :             :              * +-----+--------------------+-----+
     506                 :             :              * |/////|here!               |/////|
     507                 :             :              * +-----+--------------------+-----+
     508                 :             :              *       ^                    ^
     509                 :             :              *       |                    |
     510                 :             :              *       t                    h
     511                 :             :              */
     512                 :      939218 :             decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
     513                 :      939218 :             decoded->oversized = false;
     514                 :      939218 :             return decoded;
     515                 :             :         }
     516                 :             :     }
     517                 :             : 
     518                 :             :     /* Not enough space in the decode buffer.  Are we allowed to allocate? */
     519         [ +  + ]:        2638 :     if (allow_oversized)
     520                 :             :     {
     521                 :          45 :         decoded = palloc(required_space);
     522                 :          45 :         decoded->oversized = true;
     523                 :          45 :         return decoded;
     524                 :             :     }
     525                 :             : 
     526                 :        2593 :     return NULL;
     527                 :             : }
     528                 :             : 
     529                 :             : static XLogPageReadResult
     530                 :     5080328 : XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking)
     531                 :             : {
     532                 :             :     XLogRecPtr  RecPtr;
     533                 :             :     XLogRecord *record;
     534                 :             :     XLogRecPtr  targetPagePtr;
     535                 :             :     bool        randAccess;
     536                 :             :     uint32      len,
     537                 :             :                 total_len;
     538                 :             :     uint32      targetRecOff;
     539                 :             :     uint32      pageHeaderSize;
     540                 :             :     bool        assembled;
     541                 :             :     bool        gotheader;
     542                 :             :     int         readOff;
     543                 :             :     DecodedXLogRecord *decoded;
     544                 :             :     char       *errormsg;       /* not used */
     545                 :             : 
     546                 :             :     /*
     547                 :             :      * randAccess indicates whether to verify the previous-record pointer of
     548                 :             :      * the record we're reading.  We only do this if we're reading
     549                 :             :      * sequentially, which is what we initially assume.
     550                 :             :      */
     551                 :     5080328 :     randAccess = false;
     552                 :             : 
     553                 :             :     /* reset error state */
     554                 :     5080328 :     state->errormsg_buf[0] = '\0';
     555                 :     5080328 :     decoded = NULL;
     556                 :             : 
     557                 :     5080328 :     state->abortedRecPtr = InvalidXLogRecPtr;
     558                 :     5080328 :     state->missingContrecPtr = InvalidXLogRecPtr;
     559                 :             : 
     560                 :     5080328 :     RecPtr = state->NextRecPtr;
     561                 :             : 
     562         [ +  + ]:     5080328 :     if (XLogRecPtrIsValid(state->DecodeRecPtr))
     563                 :             :     {
     564                 :             :         /* read the record after the one we just read */
     565                 :             : 
     566                 :             :         /*
     567                 :             :          * NextRecPtr is pointing to end+1 of the previous WAL record.  If
     568                 :             :          * we're at a page boundary, no more records can fit on the current
     569                 :             :          * page. We must skip over the page header, but we can't do that until
     570                 :             :          * we've read in the page, since the header size is variable.
     571                 :             :          */
     572                 :             :     }
     573                 :             :     else
     574                 :             :     {
     575                 :             :         /*
     576                 :             :          * Caller supplied a position to start at.
     577                 :             :          *
     578                 :             :          * In this case, NextRecPtr should already be pointing either to a
     579                 :             :          * valid record starting position or alternatively to the beginning of
     580                 :             :          * a page. See the header comments for XLogBeginRead.
     581                 :             :          */
     582                 :             :         Assert(RecPtr % XLOG_BLCKSZ == 0 || XRecOffIsValid(RecPtr));
     583                 :        3940 :         randAccess = true;
     584                 :             :     }
     585                 :             : 
     586                 :     5080328 : restart:
     587                 :     5080329 :     state->nonblocking = nonblocking;
     588                 :     5080329 :     state->currRecPtr = RecPtr;
     589                 :     5080329 :     assembled = false;
     590                 :             : 
     591                 :     5080329 :     targetPagePtr = RecPtr - (RecPtr % XLOG_BLCKSZ);
     592                 :     5080329 :     targetRecOff = RecPtr % XLOG_BLCKSZ;
     593                 :             : 
     594                 :             :     /*
     595                 :             :      * Read the page containing the record into state->readBuf. Request enough
     596                 :             :      * byte to cover the whole record header, or at least the part of it that
     597                 :             :      * fits on the same page.
     598                 :             :      */
     599                 :     5080329 :     readOff = ReadPageInternal(state, targetPagePtr,
     600                 :     5080329 :                                Min(targetRecOff + SizeOfXLogRecord, XLOG_BLCKSZ));
     601         [ +  + ]:     5080065 :     if (readOff == XLREAD_WOULDBLOCK)
     602                 :        8667 :         return XLREAD_WOULDBLOCK;
     603         [ +  + ]:     5071398 :     else if (readOff < 0)
     604                 :        3431 :         goto err;
     605                 :             : 
     606                 :             :     /*
     607                 :             :      * ReadPageInternal always returns at least the page header, so we can
     608                 :             :      * examine it now.
     609                 :             :      */
     610         [ +  + ]:     5067967 :     pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
     611         [ +  + ]:     5067967 :     if (targetRecOff == 0)
     612                 :             :     {
     613                 :             :         /*
     614                 :             :          * At page start, so skip over page header.
     615                 :             :          */
     616                 :        5280 :         RecPtr += pageHeaderSize;
     617                 :        5280 :         targetRecOff = pageHeaderSize;
     618                 :             :     }
     619         [ -  + ]:     5062687 :     else if (targetRecOff < pageHeaderSize)
     620                 :             :     {
     621                 :           0 :         report_invalid_record(state, "invalid record offset at %X/%08X: expected at least %u, got %u",
     622                 :           0 :                               LSN_FORMAT_ARGS(RecPtr),
     623                 :             :                               pageHeaderSize, targetRecOff);
     624                 :           0 :         goto err;
     625                 :             :     }
     626                 :             : 
     627   [ +  +  -  + ]:     5067967 :     if ((((XLogPageHeader) state->readBuf)->xlp_info & XLP_FIRST_IS_CONTRECORD) &&
     628                 :             :         targetRecOff == pageHeaderSize)
     629                 :             :     {
     630                 :           0 :         report_invalid_record(state, "contrecord is requested by %X/%08X",
     631                 :           0 :                               LSN_FORMAT_ARGS(RecPtr));
     632                 :           0 :         goto err;
     633                 :             :     }
     634                 :             : 
     635                 :             :     /* ReadPageInternal has verified the page header */
     636                 :             :     Assert(pageHeaderSize <= readOff);
     637                 :             : 
     638                 :             :     /*
     639                 :             :      * Read the record length.
     640                 :             :      *
     641                 :             :      * NB: Even though we use an XLogRecord pointer here, the whole record
     642                 :             :      * header might not fit on this page. xl_tot_len is the first field of the
     643                 :             :      * struct, so it must be on this page (the records are MAXALIGNed), but we
     644                 :             :      * cannot access any other fields until we've verified that we got the
     645                 :             :      * whole header.
     646                 :             :      */
     647                 :     5067967 :     record = (XLogRecord *) (state->readBuf + RecPtr % XLOG_BLCKSZ);
     648                 :     5067967 :     total_len = record->xl_tot_len;
     649                 :             : 
     650                 :             :     /*
     651                 :             :      * If the whole record header is on this page, validate it immediately.
     652                 :             :      * Otherwise do just a basic sanity check on xl_tot_len, and validate the
     653                 :             :      * rest of the header after reading it from the next page.  The xl_tot_len
     654                 :             :      * check is necessary here to ensure that we enter the "Need to reassemble
     655                 :             :      * record" code path below; otherwise we might fail to apply
     656                 :             :      * ValidXLogRecordHeader at all.
     657                 :             :      */
     658         [ +  + ]:     5067967 :     if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
     659                 :             :     {
     660         [ +  + ]:     5057800 :         if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr, record,
     661                 :             :                                    randAccess))
     662                 :         288 :             goto err;
     663                 :     5057512 :         gotheader = true;
     664                 :             :     }
     665                 :             :     else
     666                 :             :     {
     667                 :             :         /* There may be no next page if it's too small. */
     668         [ +  + ]:       10167 :         if (total_len < SizeOfXLogRecord)
     669                 :             :         {
     670                 :           1 :             report_invalid_record(state,
     671                 :             :                                   "invalid record length at %X/%08X: expected at least %u, got %u",
     672                 :           1 :                                   LSN_FORMAT_ARGS(RecPtr),
     673                 :             :                                   (uint32) SizeOfXLogRecord, total_len);
     674                 :           1 :             goto err;
     675                 :             :         }
     676                 :             :         /* We'll validate the header once we have the next page. */
     677                 :       10166 :         gotheader = false;
     678                 :             :     }
     679                 :             : 
     680                 :             :     /*
     681                 :             :      * Try to find space to decode this record, if we can do so without
     682                 :             :      * calling palloc.  If we can't, we'll try again below after we've
     683                 :             :      * validated that total_len isn't garbage bytes from a recycled WAL page.
     684                 :             :      */
     685                 :     5067678 :     decoded = XLogReadRecordAlloc(state,
     686                 :             :                                   total_len,
     687                 :             :                                   false /* allow_oversized */ );
     688   [ +  +  +  + ]:     5067678 :     if (decoded == NULL && nonblocking)
     689                 :             :     {
     690                 :             :         /*
     691                 :             :          * There is no space in the circular decode buffer, and the caller is
     692                 :             :          * only reading ahead.  The caller should consume existing records to
     693                 :             :          * make space.
     694                 :             :          */
     695                 :        2536 :         return XLREAD_WOULDBLOCK;
     696                 :             :     }
     697                 :             : 
     698                 :     5065142 :     len = XLOG_BLCKSZ - RecPtr % XLOG_BLCKSZ;
     699         [ +  + ]:     5065142 :     if (total_len > len)
     700                 :             :     {
     701                 :             :         /* Need to reassemble record */
     702                 :             :         char       *contdata;
     703                 :             :         XLogPageHeader pageHeader;
     704                 :             :         char       *buffer;
     705                 :             :         uint32      gotlen;
     706                 :             : 
     707                 :     1488286 :         assembled = true;
     708                 :             : 
     709                 :             :         /*
     710                 :             :          * We always have space for a couple of pages, enough to validate a
     711                 :             :          * boundary-spanning record header.
     712                 :             :          */
     713                 :             :         Assert(state->readRecordBufSize >= XLOG_BLCKSZ * 2);
     714                 :             :         Assert(state->readRecordBufSize >= len);
     715                 :             : 
     716                 :             :         /* Copy the first fragment of the record from the first page. */
     717                 :     1488286 :         memcpy(state->readRecordBuf,
     718                 :     1488286 :                state->readBuf + RecPtr % XLOG_BLCKSZ, len);
     719                 :     1488286 :         buffer = state->readRecordBuf + len;
     720                 :     1488286 :         gotlen = len;
     721                 :             : 
     722                 :             :         do
     723                 :             :         {
     724                 :             :             /* Calculate pointer to beginning of next page */
     725                 :     1519730 :             targetPagePtr += XLOG_BLCKSZ;
     726                 :             : 
     727                 :             :             /*
     728                 :             :              * Read the page header before processing the record data, so we
     729                 :             :              * can handle the case where the previous record ended as being a
     730                 :             :              * partial one.
     731                 :             :              */
     732                 :     1519730 :             readOff = ReadPageInternal(state, targetPagePtr, SizeOfXLogShortPHD);
     733         [ +  + ]:     1519728 :             if (readOff == XLREAD_WOULDBLOCK)
     734                 :        4536 :                 return XLREAD_WOULDBLOCK;
     735         [ +  + ]:     1515192 :             else if (readOff < 0)
     736                 :          15 :                 goto err;
     737                 :             : 
     738                 :             :             Assert(SizeOfXLogShortPHD <= readOff);
     739                 :             : 
     740                 :     1515177 :             pageHeader = (XLogPageHeader) state->readBuf;
     741                 :             : 
     742                 :             :             /*
     743                 :             :              * If we were expecting a continuation record and got an
     744                 :             :              * "overwrite contrecord" flag, that means the continuation record
     745                 :             :              * was overwritten with a different record.  Restart the read by
     746                 :             :              * assuming the address to read is the location where we found
     747                 :             :              * this flag; but keep track of the LSN of the record we were
     748                 :             :              * reading, for later verification.
     749                 :             :              */
     750         [ +  + ]:     1515177 :             if (pageHeader->xlp_info & XLP_FIRST_IS_OVERWRITE_CONTRECORD)
     751                 :             :             {
     752                 :           1 :                 state->overwrittenRecPtr = RecPtr;
     753                 :           1 :                 RecPtr = targetPagePtr;
     754                 :           1 :                 goto restart;
     755                 :             :             }
     756                 :             : 
     757                 :             :             /* Check that the continuation on next page looks valid */
     758         [ +  + ]:     1515176 :             if (!(pageHeader->xlp_info & XLP_FIRST_IS_CONTRECORD))
     759                 :             :             {
     760                 :           1 :                 report_invalid_record(state,
     761                 :             :                                       "there is no contrecord flag at %X/%08X",
     762                 :           1 :                                       LSN_FORMAT_ARGS(RecPtr));
     763                 :           1 :                 goto err;
     764                 :             :             }
     765                 :             : 
     766                 :             :             /*
     767                 :             :              * Cross-check that xlp_rem_len agrees with how much of the record
     768                 :             :              * we expect there to be left.
     769                 :             :              */
     770         [ +  - ]:     1515175 :             if (pageHeader->xlp_rem_len == 0 ||
     771         [ +  + ]:     1515175 :                 total_len != (pageHeader->xlp_rem_len + gotlen))
     772                 :             :             {
     773                 :           2 :                 report_invalid_record(state,
     774                 :             :                                       "invalid contrecord length %u (expected %lld) at %X/%08X",
     775                 :             :                                       pageHeader->xlp_rem_len,
     776                 :           2 :                                       ((long long) total_len) - gotlen,
     777                 :           2 :                                       LSN_FORMAT_ARGS(RecPtr));
     778                 :           2 :                 goto err;
     779                 :             :             }
     780                 :             : 
     781                 :             :             /* Wait for the next page to become available */
     782                 :     1515173 :             readOff = ReadPageInternal(state, targetPagePtr,
     783                 :     1515173 :                                        Min(total_len - gotlen + SizeOfXLogShortPHD,
     784                 :             :                                            XLOG_BLCKSZ));
     785         [ -  + ]:     1515173 :             if (readOff == XLREAD_WOULDBLOCK)
     786                 :           0 :                 return XLREAD_WOULDBLOCK;
     787         [ -  + ]:     1515173 :             else if (readOff < 0)
     788                 :           0 :                 goto err;
     789                 :             : 
     790                 :             :             /* Append the continuation from this page to the buffer */
     791         [ +  + ]:     1515173 :             pageHeaderSize = XLogPageHeaderSize(pageHeader);
     792                 :             : 
     793         [ -  + ]:     1515173 :             if (readOff < pageHeaderSize)
     794                 :           0 :                 readOff = ReadPageInternal(state, targetPagePtr,
     795                 :             :                                            pageHeaderSize);
     796                 :             : 
     797                 :             :             Assert(pageHeaderSize <= readOff);
     798                 :             : 
     799                 :     1515173 :             contdata = (char *) state->readBuf + pageHeaderSize;
     800                 :     1515173 :             len = XLOG_BLCKSZ - pageHeaderSize;
     801         [ +  + ]:     1515173 :             if (pageHeader->xlp_rem_len < len)
     802                 :     1483720 :                 len = pageHeader->xlp_rem_len;
     803                 :             : 
     804         [ -  + ]:     1515173 :             if (readOff < pageHeaderSize + len)
     805                 :           0 :                 readOff = ReadPageInternal(state, targetPagePtr,
     806                 :           0 :                                            pageHeaderSize + len);
     807                 :             : 
     808                 :     1515173 :             memcpy(buffer, contdata, len);
     809                 :     1515173 :             buffer += len;
     810                 :     1515173 :             gotlen += len;
     811                 :             : 
     812                 :             :             /* If we just reassembled the record header, validate it. */
     813         [ +  + ]:     1515173 :             if (!gotheader)
     814                 :             :             {
     815                 :       10126 :                 record = (XLogRecord *) state->readRecordBuf;
     816         [ -  + ]:       10126 :                 if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr,
     817                 :             :                                            record, randAccess))
     818                 :           0 :                     goto err;
     819                 :       10126 :                 gotheader = true;
     820                 :             :             }
     821                 :             : 
     822                 :             :             /*
     823                 :             :              * We might need a bigger buffer.  We have validated the record
     824                 :             :              * header, in the case that it split over a page boundary.  We've
     825                 :             :              * also cross-checked total_len against xlp_rem_len on the second
     826                 :             :              * page, and verified xlp_pageaddr on both.
     827                 :             :              */
     828         [ +  + ]:     1515173 :             if (total_len > state->readRecordBufSize)
     829                 :             :             {
     830                 :             :                 char        save_copy[XLOG_BLCKSZ * 2];
     831                 :             : 
     832                 :             :                 /*
     833                 :             :                  * Save and restore the data we already had.  It can't be more
     834                 :             :                  * than two pages.
     835                 :             :                  */
     836                 :             :                 Assert(gotlen <= lengthof(save_copy));
     837                 :             :                 Assert(gotlen <= state->readRecordBufSize);
     838                 :          29 :                 memcpy(save_copy, state->readRecordBuf, gotlen);
     839                 :          29 :                 allocate_recordbuf(state, total_len);
     840                 :          29 :                 memcpy(state->readRecordBuf, save_copy, gotlen);
     841                 :          29 :                 buffer = state->readRecordBuf + gotlen;
     842                 :             :             }
     843         [ +  + ]:     1515173 :         } while (gotlen < total_len);
     844                 :             :         Assert(gotheader);
     845                 :             : 
     846                 :     1483729 :         record = (XLogRecord *) state->readRecordBuf;
     847         [ -  + ]:     1483729 :         if (!ValidXLogRecord(state, record, RecPtr))
     848                 :           0 :             goto err;
     849                 :             : 
     850         [ +  + ]:     1483729 :         pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
     851                 :     1483729 :         state->DecodeRecPtr = RecPtr;
     852                 :     1483729 :         state->NextRecPtr = targetPagePtr + pageHeaderSize
     853                 :     1483729 :             + MAXALIGN(pageHeader->xlp_rem_len);
     854                 :             :     }
     855                 :             :     else
     856                 :             :     {
     857                 :             :         /* Wait for the record data to become available */
     858                 :     3576856 :         readOff = ReadPageInternal(state, targetPagePtr,
     859                 :     3576856 :                                    Min(targetRecOff + total_len, XLOG_BLCKSZ));
     860         [ -  + ]:     3576856 :         if (readOff == XLREAD_WOULDBLOCK)
     861                 :           0 :             return XLREAD_WOULDBLOCK;
     862         [ -  + ]:     3576856 :         else if (readOff < 0)
     863                 :           0 :             goto err;
     864                 :             : 
     865                 :             :         /* Record does not cross a page boundary */
     866         [ +  + ]:     3576856 :         if (!ValidXLogRecord(state, record, RecPtr))
     867                 :           1 :             goto err;
     868                 :             : 
     869                 :     3576855 :         state->NextRecPtr = RecPtr + MAXALIGN(total_len);
     870                 :             : 
     871                 :     3576855 :         state->DecodeRecPtr = RecPtr;
     872                 :             :     }
     873                 :             : 
     874                 :             :     /*
     875                 :             :      * Special processing if it's an XLOG SWITCH record
     876                 :             :      */
     877         [ +  + ]:     5060584 :     if (record->xl_rmid == RM_XLOG_ID &&
     878         [ +  + ]:      126737 :         (record->xl_info & ~XLR_INFO_MASK) == XLOG_SWITCH)
     879                 :             :     {
     880                 :             :         /* Pretend it extends to end of segment */
     881                 :         555 :         state->NextRecPtr += state->segcxt.ws_segsize - 1;
     882                 :         555 :         state->NextRecPtr -= XLogSegmentOffset(state->NextRecPtr, state->segcxt.ws_segsize);
     883                 :             :     }
     884                 :             : 
     885                 :             :     /*
     886                 :             :      * If we got here without a DecodedXLogRecord, it means we needed to
     887                 :             :      * validate total_len before trusting it, but by now we've done that.
     888                 :             :      */
     889         [ +  + ]:     5060584 :     if (decoded == NULL)
     890                 :             :     {
     891                 :             :         Assert(!nonblocking);
     892                 :          45 :         decoded = XLogReadRecordAlloc(state,
     893                 :             :                                       total_len,
     894                 :             :                                       true /* allow_oversized */ );
     895                 :             :         /* allocation should always happen under allow_oversized */
     896                 :             :         Assert(decoded != NULL);
     897                 :             :     }
     898                 :             : 
     899         [ +  - ]:     5060584 :     if (DecodeXLogRecord(state, decoded, record, RecPtr, &errormsg))
     900                 :             :     {
     901                 :             :         /* Record the location of the next record. */
     902                 :     5060584 :         decoded->next_lsn = state->NextRecPtr;
     903                 :             : 
     904                 :             :         /*
     905                 :             :          * If it's in the decode buffer, mark the decode buffer space as
     906                 :             :          * occupied.
     907                 :             :          */
     908         [ +  + ]:     5060584 :         if (!decoded->oversized)
     909                 :             :         {
     910                 :             :             /* The new decode buffer head must be MAXALIGNed. */
     911                 :             :             Assert(decoded->size == MAXALIGN(decoded->size));
     912         [ +  + ]:     5060539 :             if ((char *) decoded == state->decode_buffer)
     913                 :     2144769 :                 state->decode_buffer_tail = state->decode_buffer + decoded->size;
     914                 :             :             else
     915                 :     2915770 :                 state->decode_buffer_tail += decoded->size;
     916                 :             :         }
     917                 :             : 
     918                 :             :         /* Insert it into the queue of decoded records. */
     919                 :             :         Assert(state->decode_queue_tail != decoded);
     920         [ +  + ]:     5060584 :         if (state->decode_queue_tail)
     921                 :     2932909 :             state->decode_queue_tail->next = decoded;
     922                 :     5060584 :         state->decode_queue_tail = decoded;
     923         [ +  + ]:     5060584 :         if (!state->decode_queue_head)
     924                 :     2127675 :             state->decode_queue_head = decoded;
     925                 :     5060584 :         return XLREAD_SUCCESS;
     926                 :             :     }
     927                 :             : 
     928                 :           0 : err:
     929         [ +  + ]:        3739 :     if (assembled)
     930                 :             :     {
     931                 :             :         /*
     932                 :             :          * We get here when a record that spans multiple pages needs to be
     933                 :             :          * assembled, but something went wrong -- perhaps a contrecord piece
     934                 :             :          * was lost.  If caller is WAL replay, it will know where the aborted
     935                 :             :          * record was and where to direct followup WAL to be written, marking
     936                 :             :          * the next piece with XLP_FIRST_IS_OVERWRITE_CONTRECORD, which will
     937                 :             :          * in turn signal downstream WAL consumers that the broken WAL record
     938                 :             :          * is to be ignored.
     939                 :             :          */
     940                 :          18 :         state->abortedRecPtr = RecPtr;
     941                 :          18 :         state->missingContrecPtr = targetPagePtr;
     942                 :             : 
     943                 :             :         /*
     944                 :             :          * If we got here without reporting an error, make sure an error is
     945                 :             :          * queued so that XLogPrefetcherReadRecord() doesn't bring us back a
     946                 :             :          * second time and clobber the above state.
     947                 :             :          */
     948                 :          18 :         state->errormsg_deferred = true;
     949                 :             :     }
     950                 :             : 
     951   [ +  +  -  + ]:        3739 :     if (decoded && decoded->oversized)
     952                 :           0 :         pfree(decoded);
     953                 :             : 
     954                 :             :     /*
     955                 :             :      * Invalidate the read state. We might read from a different source after
     956                 :             :      * failure.
     957                 :             :      */
     958                 :        3739 :     XLogReaderInvalReadState(state);
     959                 :             : 
     960                 :             :     /*
     961                 :             :      * If an error was written to errormsg_buf, it'll be returned to the
     962                 :             :      * caller of XLogReadRecord() after all successfully decoded records from
     963                 :             :      * the read queue.
     964                 :             :      */
     965                 :             : 
     966                 :        3739 :     return XLREAD_FAIL;
     967                 :             : }
     968                 :             : 
     969                 :             : /*
     970                 :             :  * Try to decode the next available record, and return it.  The record will
     971                 :             :  * also be returned to XLogNextRecord(), which must be called to 'consume'
     972                 :             :  * each record.
     973                 :             :  *
     974                 :             :  * If nonblocking is true, may return NULL due to lack of data or WAL decoding
     975                 :             :  * space.
     976                 :             :  */
     977                 :             : DecodedXLogRecord *
     978                 :     5080328 : XLogReadAhead(XLogReaderState *state, bool nonblocking)
     979                 :             : {
     980                 :             :     XLogPageReadResult result;
     981                 :             : 
     982         [ -  + ]:     5080328 :     if (state->errormsg_deferred)
     983                 :           0 :         return NULL;
     984                 :             : 
     985                 :     5080328 :     result = XLogDecodeNextRecord(state, nonblocking);
     986         [ +  + ]:     5080062 :     if (result == XLREAD_SUCCESS)
     987                 :             :     {
     988                 :             :         Assert(state->decode_queue_tail != NULL);
     989                 :     5060584 :         return state->decode_queue_tail;
     990                 :             :     }
     991                 :             : 
     992                 :       19478 :     return NULL;
     993                 :             : }
     994                 :             : 
     995                 :             : /*
     996                 :             :  * Read a single xlog page including at least [pageptr, reqLen] of valid data
     997                 :             :  * via the page_read() callback.
     998                 :             :  *
     999                 :             :  * Returns XLREAD_FAIL if the required page cannot be read for some
    1000                 :             :  * reason; errormsg_buf is set in that case (unless the error occurs in the
    1001                 :             :  * page_read callback).
    1002                 :             :  *
    1003                 :             :  * Returns XLREAD_WOULDBLOCK if the requested data can't be read without
    1004                 :             :  * waiting.  This can be returned only if the installed page_read callback
    1005                 :             :  * respects the state->nonblocking flag, and cannot read the requested data
    1006                 :             :  * immediately.
    1007                 :             :  *
    1008                 :             :  * We fetch the page from a reader-local cache if we know we have the required
    1009                 :             :  * data and if there hasn't been any error since caching the data.
    1010                 :             :  */
    1011                 :             : static int
    1012                 :    11692128 : ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
    1013                 :             : {
    1014                 :             :     int         readLen;
    1015                 :             :     uint32      targetPageOff;
    1016                 :             :     XLogSegNo   targetSegNo;
    1017                 :             :     XLogPageHeader hdr;
    1018                 :             : 
    1019                 :             :     Assert((pageptr % XLOG_BLCKSZ) == 0);
    1020                 :             : 
    1021                 :    11692128 :     XLByteToSeg(pageptr, targetSegNo, state->segcxt.ws_segsize);
    1022                 :    11692128 :     targetPageOff = XLogSegmentOffset(pageptr, state->segcxt.ws_segsize);
    1023                 :             : 
    1024                 :             :     /* check whether we have all the requested data already */
    1025         [ +  + ]:    11692128 :     if (targetSegNo == state->seg.ws_segno &&
    1026   [ +  +  +  + ]:    11684276 :         targetPageOff == state->segoff && reqLen <= state->readLen)
    1027                 :    10137351 :         return state->readLen;
    1028                 :             : 
    1029                 :             :     /*
    1030                 :             :      * Invalidate contents of internal buffer before read attempt.  Just set
    1031                 :             :      * the length to 0, rather than a full XLogReaderInvalReadState(), so we
    1032                 :             :      * don't forget the segment we last successfully read.
    1033                 :             :      */
    1034                 :     1554777 :     state->readLen = 0;
    1035                 :             : 
    1036                 :             :     /*
    1037                 :             :      * Data is not in our buffer.
    1038                 :             :      *
    1039                 :             :      * Every time we actually read the segment, even if we looked at parts of
    1040                 :             :      * it before, we need to do verification as the page_read callback might
    1041                 :             :      * now be rereading data from a different source.
    1042                 :             :      *
    1043                 :             :      * Whenever switching to a new WAL segment, we read the first page of the
    1044                 :             :      * file and validate its header, even if that's not where the target
    1045                 :             :      * record is.  This is so that we can check the additional identification
    1046                 :             :      * info that is present in the first page's "long" header.
    1047                 :             :      */
    1048   [ +  +  +  + ]:     1554777 :     if (targetSegNo != state->seg.ws_segno && targetPageOff != 0)
    1049                 :             :     {
    1050                 :        5796 :         XLogRecPtr  targetSegmentPtr = pageptr - targetPageOff;
    1051                 :             : 
    1052                 :        5796 :         readLen = state->routine.page_read(state, targetSegmentPtr, XLOG_BLCKSZ,
    1053                 :             :                                            state->currRecPtr,
    1054                 :             :                                            state->readBuf);
    1055         [ -  + ]:        5789 :         if (readLen == XLREAD_WOULDBLOCK)
    1056                 :           0 :             return XLREAD_WOULDBLOCK;
    1057         [ +  + ]:        5789 :         else if (readLen < 0)
    1058                 :           4 :             goto err;
    1059                 :             : 
    1060                 :             :         /* we can be sure to have enough WAL available, we scrolled back */
    1061                 :             :         Assert(readLen == XLOG_BLCKSZ);
    1062                 :             : 
    1063         [ -  + ]:        5785 :         if (!XLogReaderValidatePageHeader(state, targetSegmentPtr,
    1064                 :             :                                           state->readBuf))
    1065                 :           0 :             goto err;
    1066                 :             :     }
    1067                 :             : 
    1068                 :             :     /*
    1069                 :             :      * First, read the requested data length, but at least a short page header
    1070                 :             :      * so that we can validate it.
    1071                 :             :      */
    1072                 :     1554766 :     readLen = state->routine.page_read(state, pageptr, Max(reqLen, SizeOfXLogShortPHD),
    1073                 :             :                                        state->currRecPtr,
    1074                 :             :                                        state->readBuf);
    1075         [ +  + ]:     1554507 :     if (readLen == XLREAD_WOULDBLOCK)
    1076                 :       13203 :         return XLREAD_WOULDBLOCK;
    1077         [ +  + ]:     1541304 :     else if (readLen < 0)
    1078                 :        3430 :         goto err;
    1079                 :             : 
    1080                 :             :     Assert(readLen <= XLOG_BLCKSZ);
    1081                 :             : 
    1082                 :             :     /* Do we have enough data to check the header length? */
    1083         [ -  + ]:     1537874 :     if (readLen <= SizeOfXLogShortPHD)
    1084                 :           0 :         goto err;
    1085                 :             : 
    1086                 :             :     Assert(readLen >= reqLen);
    1087                 :             : 
    1088                 :     1537874 :     hdr = (XLogPageHeader) state->readBuf;
    1089                 :             : 
    1090                 :             :     /* still not enough */
    1091   [ +  +  -  + ]:     1537874 :     if (readLen < XLogPageHeaderSize(hdr))
    1092                 :             :     {
    1093         [ #  # ]:           0 :         readLen = state->routine.page_read(state, pageptr, XLogPageHeaderSize(hdr),
    1094                 :             :                                            state->currRecPtr,
    1095                 :             :                                            state->readBuf);
    1096         [ #  # ]:           0 :         if (readLen == XLREAD_WOULDBLOCK)
    1097                 :           0 :             return XLREAD_WOULDBLOCK;
    1098         [ #  # ]:           0 :         else if (readLen < 0)
    1099                 :           0 :             goto err;
    1100                 :             :     }
    1101                 :             : 
    1102                 :             :     /*
    1103                 :             :      * Now that we know we have the full header, validate it.
    1104                 :             :      */
    1105         [ +  + ]:     1537874 :     if (!XLogReaderValidatePageHeader(state, pageptr, (char *) hdr))
    1106                 :          12 :         goto err;
    1107                 :             : 
    1108                 :             :     /* update read state information */
    1109                 :     1537862 :     state->seg.ws_segno = targetSegNo;
    1110                 :     1537862 :     state->segoff = targetPageOff;
    1111                 :     1537862 :     state->readLen = readLen;
    1112                 :             : 
    1113                 :     1537862 :     return readLen;
    1114                 :             : 
    1115                 :        3446 : err:
    1116                 :        3446 :     XLogReaderInvalReadState(state);
    1117                 :             : 
    1118                 :        3446 :     return XLREAD_FAIL;
    1119                 :             : }
    1120                 :             : 
    1121                 :             : /*
    1122                 :             :  * Invalidate the xlogreader's read state to force a re-read.
    1123                 :             :  */
    1124                 :             : static void
    1125                 :        7185 : XLogReaderInvalReadState(XLogReaderState *state)
    1126                 :             : {
    1127                 :        7185 :     state->seg.ws_segno = 0;
    1128                 :        7185 :     state->segoff = 0;
    1129                 :        7185 :     state->readLen = 0;
    1130                 :        7185 : }
    1131                 :             : 
    1132                 :             : /*
    1133                 :             :  * Validate an XLOG record header.
    1134                 :             :  *
    1135                 :             :  * This is just a convenience subroutine to avoid duplicated code in
    1136                 :             :  * XLogReadRecord.  It's not intended for use from anywhere else.
    1137                 :             :  */
    1138                 :             : static bool
    1139                 :     5067926 : ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
    1140                 :             :                       XLogRecPtr PrevRecPtr, XLogRecord *record,
    1141                 :             :                       bool randAccess)
    1142                 :             : {
    1143         [ +  + ]:     5067926 :     if (record->xl_tot_len < SizeOfXLogRecord)
    1144                 :             :     {
    1145                 :         281 :         report_invalid_record(state,
    1146                 :             :                               "invalid record length at %X/%08X: expected at least %u, got %u",
    1147                 :         281 :                               LSN_FORMAT_ARGS(RecPtr),
    1148                 :             :                               (uint32) SizeOfXLogRecord, record->xl_tot_len);
    1149                 :         281 :         return false;
    1150                 :             :     }
    1151   [ +  +  -  + ]:     5067645 :     if (!RmgrIdIsValid(record->xl_rmid))
    1152                 :             :     {
    1153                 :           0 :         report_invalid_record(state,
    1154                 :             :                               "invalid resource manager ID %u at %X/%08X",
    1155                 :           0 :                               record->xl_rmid, LSN_FORMAT_ARGS(RecPtr));
    1156                 :           0 :         return false;
    1157                 :             :     }
    1158         [ +  + ]:     5067645 :     if (randAccess)
    1159                 :             :     {
    1160                 :             :         /*
    1161                 :             :          * We can't exactly verify the prev-link, but surely it should be less
    1162                 :             :          * than the record's own address.
    1163                 :             :          */
    1164         [ -  + ]:        3936 :         if (!(record->xl_prev < RecPtr))
    1165                 :             :         {
    1166                 :           0 :             report_invalid_record(state,
    1167                 :             :                                   "record with incorrect prev-link %X/%08X at %X/%08X",
    1168                 :           0 :                                   LSN_FORMAT_ARGS(record->xl_prev),
    1169                 :           0 :                                   LSN_FORMAT_ARGS(RecPtr));
    1170                 :           0 :             return false;
    1171                 :             :         }
    1172                 :             :     }
    1173                 :             :     else
    1174                 :             :     {
    1175                 :             :         /*
    1176                 :             :          * Record's prev-link should exactly match our previous location. This
    1177                 :             :          * check guards against torn WAL pages where a stale but valid-looking
    1178                 :             :          * WAL record starts on a sector boundary.
    1179                 :             :          */
    1180         [ +  + ]:     5063709 :         if (record->xl_prev != PrevRecPtr)
    1181                 :             :         {
    1182                 :           7 :             report_invalid_record(state,
    1183                 :             :                                   "record with incorrect prev-link %X/%08X at %X/%08X",
    1184                 :           7 :                                   LSN_FORMAT_ARGS(record->xl_prev),
    1185                 :           7 :                                   LSN_FORMAT_ARGS(RecPtr));
    1186                 :           7 :             return false;
    1187                 :             :         }
    1188                 :             :     }
    1189                 :             : 
    1190                 :     5067638 :     return true;
    1191                 :             : }
    1192                 :             : 
    1193                 :             : 
    1194                 :             : /*
    1195                 :             :  * CRC-check an XLOG record.  We do not believe the contents of an XLOG
    1196                 :             :  * record (other than to the minimal extent of computing the amount of
    1197                 :             :  * data to read in) until we've checked the CRCs.
    1198                 :             :  *
    1199                 :             :  * We assume all of the record (that is, xl_tot_len bytes) has been read
    1200                 :             :  * into memory at *record.  Also, ValidXLogRecordHeader() has accepted the
    1201                 :             :  * record's header, which means in particular that xl_tot_len is at least
    1202                 :             :  * SizeOfXLogRecord.
    1203                 :             :  */
    1204                 :             : static bool
    1205                 :     5060585 : ValidXLogRecord(XLogReaderState *state, XLogRecord *record, XLogRecPtr recptr)
    1206                 :             : {
    1207                 :             :     pg_crc32c   crc;
    1208                 :             : 
    1209                 :             :     Assert(record->xl_tot_len >= SizeOfXLogRecord);
    1210                 :             : 
    1211                 :             :     /* Calculate the CRC */
    1212                 :     5060585 :     INIT_CRC32C(crc);
    1213                 :     5060585 :     COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
    1214                 :             :     /* include the record header last */
    1215                 :     5060585 :     COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
    1216                 :     5060585 :     FIN_CRC32C(crc);
    1217                 :             : 
    1218         [ +  + ]:     5060585 :     if (!EQ_CRC32C(record->xl_crc, crc))
    1219                 :             :     {
    1220                 :           1 :         report_invalid_record(state,
    1221                 :             :                               "incorrect resource manager data checksum in record at %X/%08X",
    1222                 :           1 :                               LSN_FORMAT_ARGS(recptr));
    1223                 :           1 :         return false;
    1224                 :             :     }
    1225                 :             : 
    1226                 :     5060584 :     return true;
    1227                 :             : }
    1228                 :             : 
    1229                 :             : /*
    1230                 :             :  * Validate a page header.
    1231                 :             :  *
    1232                 :             :  * Check if 'phdr' is valid as the header of the XLog page at position
    1233                 :             :  * 'recptr'.
    1234                 :             :  */
    1235                 :             : bool
    1236                 :     1545150 : XLogReaderValidatePageHeader(XLogReaderState *state, XLogRecPtr recptr,
    1237                 :             :                              char *phdr)
    1238                 :             : {
    1239                 :             :     XLogSegNo   segno;
    1240                 :             :     int32       offset;
    1241                 :     1545150 :     XLogPageHeader hdr = (XLogPageHeader) phdr;
    1242                 :             : 
    1243                 :             :     Assert((recptr % XLOG_BLCKSZ) == 0);
    1244                 :             : 
    1245                 :     1545150 :     XLByteToSeg(recptr, segno, state->segcxt.ws_segsize);
    1246                 :     1545150 :     offset = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
    1247                 :             : 
    1248         [ +  + ]:     1545150 :     if (hdr->xlp_magic != XLOG_PAGE_MAGIC)
    1249                 :             :     {
    1250                 :             :         char        fname[MAXFNAMELEN];
    1251                 :             : 
    1252                 :           9 :         XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1253                 :             : 
    1254                 :           9 :         report_invalid_record(state,
    1255                 :             :                               "invalid magic number %04X in WAL segment %s, LSN %X/%08X, offset %u",
    1256                 :           9 :                               hdr->xlp_magic,
    1257                 :             :                               fname,
    1258                 :           9 :                               LSN_FORMAT_ARGS(recptr),
    1259                 :             :                               offset);
    1260                 :           9 :         return false;
    1261                 :             :     }
    1262                 :             : 
    1263         [ +  + ]:     1545141 :     if ((hdr->xlp_info & ~XLP_ALL_FLAGS) != 0)
    1264                 :             :     {
    1265                 :             :         char        fname[MAXFNAMELEN];
    1266                 :             : 
    1267                 :           1 :         XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1268                 :             : 
    1269                 :           1 :         report_invalid_record(state,
    1270                 :             :                               "invalid info bits %04X in WAL segment %s, LSN %X/%08X, offset %u",
    1271                 :           1 :                               hdr->xlp_info,
    1272                 :             :                               fname,
    1273                 :           1 :                               LSN_FORMAT_ARGS(recptr),
    1274                 :             :                               offset);
    1275                 :           1 :         return false;
    1276                 :             :     }
    1277                 :             : 
    1278         [ +  + ]:     1545140 :     if (hdr->xlp_info & XLP_LONG_HEADER)
    1279                 :             :     {
    1280                 :        8954 :         XLogLongPageHeader longhdr = (XLogLongPageHeader) hdr;
    1281                 :             : 
    1282         [ +  + ]:        8954 :         if (state->system_identifier &&
    1283         [ -  + ]:        4118 :             longhdr->xlp_sysid != state->system_identifier)
    1284                 :             :         {
    1285                 :           0 :             report_invalid_record(state,
    1286                 :             :                                   "WAL file is from different database system: WAL file database system identifier is %" PRIu64 ", pg_control database system identifier is %" PRIu64,
    1287                 :             :                                   longhdr->xlp_sysid,
    1288                 :             :                                   state->system_identifier);
    1289                 :           0 :             return false;
    1290                 :             :         }
    1291         [ -  + ]:        8954 :         else if (longhdr->xlp_seg_size != state->segcxt.ws_segsize)
    1292                 :             :         {
    1293                 :           0 :             report_invalid_record(state,
    1294                 :             :                                   "WAL file is from different database system: incorrect segment size in page header");
    1295                 :           0 :             return false;
    1296                 :             :         }
    1297         [ -  + ]:        8954 :         else if (longhdr->xlp_xlog_blcksz != XLOG_BLCKSZ)
    1298                 :             :         {
    1299                 :           0 :             report_invalid_record(state,
    1300                 :             :                                   "WAL file is from different database system: incorrect XLOG_BLCKSZ in page header");
    1301                 :           0 :             return false;
    1302                 :             :         }
    1303                 :             :     }
    1304         [ -  + ]:     1536186 :     else if (offset == 0)
    1305                 :             :     {
    1306                 :             :         char        fname[MAXFNAMELEN];
    1307                 :             : 
    1308                 :           0 :         XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1309                 :             : 
    1310                 :             :         /* hmm, first page of file doesn't have a long header? */
    1311                 :           0 :         report_invalid_record(state,
    1312                 :             :                               "invalid info bits %04X in WAL segment %s, LSN %X/%08X, offset %u",
    1313                 :           0 :                               hdr->xlp_info,
    1314                 :             :                               fname,
    1315                 :           0 :                               LSN_FORMAT_ARGS(recptr),
    1316                 :             :                               offset);
    1317                 :           0 :         return false;
    1318                 :             :     }
    1319                 :             : 
    1320                 :             :     /*
    1321                 :             :      * Check that the address on the page agrees with what we expected. This
    1322                 :             :      * check typically fails when an old WAL segment is recycled, and hasn't
    1323                 :             :      * yet been overwritten with new data yet.
    1324                 :             :      */
    1325         [ +  + ]:     1545140 :     if (hdr->xlp_pageaddr != recptr)
    1326                 :             :     {
    1327                 :             :         char        fname[MAXFNAMELEN];
    1328                 :             : 
    1329                 :           7 :         XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1330                 :             : 
    1331                 :           7 :         report_invalid_record(state,
    1332                 :             :                               "unexpected pageaddr %X/%08X in WAL segment %s, LSN %X/%08X, offset %u",
    1333                 :           7 :                               LSN_FORMAT_ARGS(hdr->xlp_pageaddr),
    1334                 :             :                               fname,
    1335                 :           7 :                               LSN_FORMAT_ARGS(recptr),
    1336                 :             :                               offset);
    1337                 :           7 :         return false;
    1338                 :             :     }
    1339                 :             : 
    1340                 :             :     /*
    1341                 :             :      * Since child timelines are always assigned a TLI greater than their
    1342                 :             :      * immediate parent's TLI, we should never see TLI go backwards across
    1343                 :             :      * successive pages of a consistent WAL sequence.
    1344                 :             :      *
    1345                 :             :      * Sometimes we re-read a segment that's already been (partially) read. So
    1346                 :             :      * we only verify TLIs for pages that are later than the last remembered
    1347                 :             :      * LSN.
    1348                 :             :      */
    1349         [ +  + ]:     1545133 :     if (recptr > state->latestPagePtr)
    1350                 :             :     {
    1351         [ -  + ]:     1525677 :         if (hdr->xlp_tli < state->latestPageTLI)
    1352                 :             :         {
    1353                 :             :             char        fname[MAXFNAMELEN];
    1354                 :             : 
    1355                 :           0 :             XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1356                 :             : 
    1357                 :           0 :             report_invalid_record(state,
    1358                 :             :                                   "out-of-sequence timeline ID %u (after %u) in WAL segment %s, LSN %X/%08X, offset %u",
    1359                 :             :                                   hdr->xlp_tli,
    1360                 :             :                                   state->latestPageTLI,
    1361                 :             :                                   fname,
    1362                 :           0 :                                   LSN_FORMAT_ARGS(recptr),
    1363                 :             :                                   offset);
    1364                 :           0 :             return false;
    1365                 :             :         }
    1366                 :             :     }
    1367                 :     1545133 :     state->latestPagePtr = recptr;
    1368                 :     1545133 :     state->latestPageTLI = hdr->xlp_tli;
    1369                 :             : 
    1370                 :     1545133 :     return true;
    1371                 :             : }
    1372                 :             : 
    1373                 :             : /*
    1374                 :             :  * Forget about an error produced by XLogReaderValidatePageHeader().
    1375                 :             :  */
    1376                 :             : void
    1377                 :           5 : XLogReaderResetError(XLogReaderState *state)
    1378                 :             : {
    1379                 :           5 :     state->errormsg_buf[0] = '\0';
    1380                 :           5 :     state->errormsg_deferred = false;
    1381                 :           5 : }
    1382                 :             : 
    1383                 :             : /*
    1384                 :             :  * Find the first record with an lsn >= RecPtr.
    1385                 :             :  *
    1386                 :             :  * This is different from XLogBeginRead() in that RecPtr doesn't need to point
    1387                 :             :  * to a valid record boundary.  Useful for checking whether RecPtr is a valid
    1388                 :             :  * xlog address for reading, and to find the first valid address after some
    1389                 :             :  * address when dumping records for debugging purposes.
    1390                 :             :  *
    1391                 :             :  * This positions the reader, like XLogBeginRead(), so that the next call to
    1392                 :             :  * XLogReadRecord() will read the next valid record.
    1393                 :             :  *
    1394                 :             :  * On failure, InvalidXLogRecPtr is returned, and *errormsg is set to a string
    1395                 :             :  * with details of the failure.
    1396                 :             :  *
    1397                 :             :  * When set, *errormsg points to an internal buffer that's valid until the next
    1398                 :             :  * call to XLogReadRecord.
    1399                 :             :  */
    1400                 :             : XLogRecPtr
    1401                 :          20 : XLogFindNextRecord(XLogReaderState *state, XLogRecPtr RecPtr, char **errormsg)
    1402                 :             : {
    1403                 :             :     XLogRecPtr  tmpRecPtr;
    1404                 :          20 :     XLogRecPtr  found = InvalidXLogRecPtr;
    1405                 :             :     XLogPageHeader header;
    1406                 :             : 
    1407                 :          20 :     *errormsg = NULL;
    1408                 :             : 
    1409                 :             :     Assert(XLogRecPtrIsValid(RecPtr));
    1410                 :             : 
    1411                 :             :     /* Make sure ReadPageInternal() can't return XLREAD_WOULDBLOCK. */
    1412                 :          20 :     state->nonblocking = false;
    1413                 :             : 
    1414                 :             :     /*
    1415                 :             :      * skip over potential continuation data, keeping in mind that it may span
    1416                 :             :      * multiple pages
    1417                 :             :      */
    1418                 :          20 :     tmpRecPtr = RecPtr;
    1419                 :             :     while (true)
    1420                 :           0 :     {
    1421                 :             :         XLogRecPtr  targetPagePtr;
    1422                 :             :         int         targetRecOff;
    1423                 :             :         uint32      pageHeaderSize;
    1424                 :             :         int         readLen;
    1425                 :             : 
    1426                 :             :         /*
    1427                 :             :          * Compute targetRecOff. It should typically be equal or greater than
    1428                 :             :          * short page-header since a valid record can't start anywhere before
    1429                 :             :          * that, except when caller has explicitly specified the offset that
    1430                 :             :          * falls somewhere there or when we are skipping multi-page
    1431                 :             :          * continuation record. It doesn't matter though because
    1432                 :             :          * ReadPageInternal() is prepared to handle that and will read at
    1433                 :             :          * least short page-header worth of data
    1434                 :             :          */
    1435                 :          20 :         targetRecOff = tmpRecPtr % XLOG_BLCKSZ;
    1436                 :             : 
    1437                 :             :         /* scroll back to page boundary */
    1438                 :          20 :         targetPagePtr = tmpRecPtr - targetRecOff;
    1439                 :             : 
    1440                 :             :         /* Read the page containing the record */
    1441                 :          20 :         readLen = ReadPageInternal(state, targetPagePtr, targetRecOff);
    1442         [ -  + ]:          20 :         if (readLen < 0)
    1443                 :           0 :             goto err;
    1444                 :             : 
    1445                 :          20 :         header = (XLogPageHeader) state->readBuf;
    1446                 :             : 
    1447         [ +  + ]:          20 :         pageHeaderSize = XLogPageHeaderSize(header);
    1448                 :             : 
    1449                 :             :         /* make sure we have enough data for the page header */
    1450                 :          20 :         readLen = ReadPageInternal(state, targetPagePtr, pageHeaderSize);
    1451         [ -  + ]:          20 :         if (readLen < 0)
    1452                 :           0 :             goto err;
    1453                 :             : 
    1454                 :             :         /* skip over potential continuation data */
    1455         [ +  + ]:          20 :         if (header->xlp_info & XLP_FIRST_IS_CONTRECORD)
    1456                 :             :         {
    1457                 :             :             /*
    1458                 :             :              * If the length of the remaining continuation data is more than
    1459                 :             :              * what can fit in this page, the continuation record crosses over
    1460                 :             :              * this page. Read the next page and try again. xlp_rem_len in the
    1461                 :             :              * next page header will contain the remaining length of the
    1462                 :             :              * continuation data
    1463                 :             :              *
    1464                 :             :              * Note that record headers are MAXALIGN'ed
    1465                 :             :              */
    1466         [ -  + ]:          17 :             if (MAXALIGN(header->xlp_rem_len) >= (XLOG_BLCKSZ - pageHeaderSize))
    1467                 :           0 :                 tmpRecPtr = targetPagePtr + XLOG_BLCKSZ;
    1468                 :             :             else
    1469                 :             :             {
    1470                 :             :                 /*
    1471                 :             :                  * The previous continuation record ends in this page. Set
    1472                 :             :                  * tmpRecPtr to point to the first valid record
    1473                 :             :                  */
    1474                 :          17 :                 tmpRecPtr = targetPagePtr + pageHeaderSize
    1475                 :          17 :                     + MAXALIGN(header->xlp_rem_len);
    1476                 :          17 :                 break;
    1477                 :             :             }
    1478                 :             :         }
    1479                 :             :         else
    1480                 :             :         {
    1481                 :           3 :             tmpRecPtr = targetPagePtr + pageHeaderSize;
    1482                 :           3 :             break;
    1483                 :             :         }
    1484                 :             :     }
    1485                 :             : 
    1486                 :             :     /*
    1487                 :             :      * we know now that tmpRecPtr is an address pointing to a valid XLogRecord
    1488                 :             :      * because either we're at the first record after the beginning of a page
    1489                 :             :      * or we just jumped over the remaining data of a continuation.
    1490                 :             :      */
    1491                 :          20 :     XLogBeginRead(state, tmpRecPtr);
    1492         [ +  - ]:         382 :     while (XLogReadRecord(state, errormsg) != NULL)
    1493                 :             :     {
    1494                 :             :         /* past the record we've found, break out */
    1495         [ +  + ]:         382 :         if (RecPtr <= state->ReadRecPtr)
    1496                 :             :         {
    1497                 :             :             /* Rewind the reader to the beginning of the last record. */
    1498                 :          20 :             found = state->ReadRecPtr;
    1499                 :          20 :             XLogBeginRead(state, found);
    1500                 :          20 :             return found;
    1501                 :             :         }
    1502                 :             :     }
    1503                 :             : 
    1504                 :           0 : err:
    1505                 :           0 :     XLogReaderInvalReadState(state);
    1506                 :             : 
    1507                 :             :     /*
    1508                 :             :      * We may have reported errors due to invalid WAL header, propagate the
    1509                 :             :      * error message to the caller.
    1510                 :             :      */
    1511         [ #  # ]:           0 :     if (state->errormsg_deferred)
    1512                 :             :     {
    1513         [ #  # ]:           0 :         if (state->errormsg_buf[0] != '\0')
    1514                 :           0 :             *errormsg = state->errormsg_buf;
    1515                 :           0 :         state->errormsg_deferred = false;
    1516                 :             :     }
    1517                 :             : 
    1518                 :           0 :     return InvalidXLogRecPtr;
    1519                 :             : }
    1520                 :             : 
    1521                 :             : /*
    1522                 :             :  * Helper function to ease writing of XLogReaderRoutine->page_read callbacks.
    1523                 :             :  * If this function is used, caller must supply a segment_open callback in
    1524                 :             :  * 'state', as that is used here.
    1525                 :             :  *
    1526                 :             :  * Read 'count' bytes into 'buf', starting at location 'startptr', from WAL
    1527                 :             :  * fetched from timeline 'tli'.
    1528                 :             :  *
    1529                 :             :  * Returns true if succeeded, false if an error occurs, in which case
    1530                 :             :  * 'errinfo' receives error details.
    1531                 :             :  */
    1532                 :             : bool
    1533                 :      137262 : WALRead(XLogReaderState *state,
    1534                 :             :         char *buf, XLogRecPtr startptr, Size count, TimeLineID tli,
    1535                 :             :         WALReadError *errinfo)
    1536                 :             : {
    1537                 :             :     char       *p;
    1538                 :             :     XLogRecPtr  recptr;
    1539                 :             :     Size        nbytes;
    1540                 :             : #ifndef FRONTEND
    1541                 :             :     instr_time  io_start;
    1542                 :             : #endif
    1543                 :             : 
    1544                 :      137262 :     p = buf;
    1545                 :      137262 :     recptr = startptr;
    1546                 :      137262 :     nbytes = count;
    1547                 :             : 
    1548         [ +  + ]:      274985 :     while (nbytes > 0)
    1549                 :             :     {
    1550                 :             :         uint32      startoff;
    1551                 :             :         int         segbytes;
    1552                 :             :         int         readbytes;
    1553                 :             : 
    1554                 :      137723 :         startoff = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
    1555                 :             : 
    1556                 :             :         /*
    1557                 :             :          * If the data we want is not in a segment we have open, close what we
    1558                 :             :          * have (if anything) and open the next one, using the caller's
    1559                 :             :          * provided segment_open callback.
    1560                 :             :          */
    1561         [ +  + ]:      137723 :         if (state->seg.ws_file < 0 ||
    1562         [ +  + ]:      135897 :             !XLByteInSeg(recptr, state->seg.ws_segno, state->segcxt.ws_segsize) ||
    1563         [ -  + ]:      131884 :             tli != state->seg.ws_tli)
    1564                 :             :         {
    1565                 :             :             XLogSegNo   nextSegNo;
    1566                 :             : 
    1567         [ +  + ]:        5839 :             if (state->seg.ws_file >= 0)
    1568                 :        4013 :                 state->routine.segment_close(state);
    1569                 :             : 
    1570                 :        5839 :             XLByteToSeg(recptr, nextSegNo, state->segcxt.ws_segsize);
    1571                 :        5839 :             state->routine.segment_open(state, nextSegNo, &tli);
    1572                 :             : 
    1573                 :             :             /* This shouldn't happen -- indicates a bug in segment_open */
    1574                 :             :             Assert(state->seg.ws_file >= 0);
    1575                 :             : 
    1576                 :             :             /* Update the current segment info. */
    1577                 :        5839 :             state->seg.ws_tli = tli;
    1578                 :        5839 :             state->seg.ws_segno = nextSegNo;
    1579                 :             :         }
    1580                 :             : 
    1581                 :             :         /* How many bytes are within this segment? */
    1582         [ +  + ]:      137723 :         if (nbytes > (state->segcxt.ws_segsize - startoff))
    1583                 :         461 :             segbytes = state->segcxt.ws_segsize - startoff;
    1584                 :             :         else
    1585                 :      137262 :             segbytes = nbytes;
    1586                 :             : 
    1587                 :             : #ifndef FRONTEND
    1588                 :             :         /* Measure I/O timing when reading segment */
    1589                 :      137723 :         io_start = pgstat_prepare_io_time(track_wal_io_timing);
    1590                 :             : 
    1591                 :      137723 :         pgstat_report_wait_start(WAIT_EVENT_WAL_READ);
    1592                 :             : #endif
    1593                 :             : 
    1594                 :             :         /* Reset errno first; eases reporting non-errno-affecting errors */
    1595                 :      137723 :         errno = 0;
    1596                 :      137723 :         readbytes = pg_pread(state->seg.ws_file, p, segbytes, (pgoff_t) startoff);
    1597                 :             : 
    1598                 :             : #ifndef FRONTEND
    1599                 :      137723 :         pgstat_report_wait_end();
    1600                 :             : #endif
    1601                 :             : 
    1602         [ -  + ]:      137723 :         if (readbytes <= 0)
    1603                 :             :         {
    1604                 :           0 :             errinfo->wre_errno = errno;
    1605                 :           0 :             errinfo->wre_req = segbytes;
    1606                 :           0 :             errinfo->wre_read = readbytes;
    1607                 :           0 :             errinfo->wre_off = startoff;
    1608                 :           0 :             errinfo->wre_seg = state->seg;
    1609                 :           0 :             return false;
    1610                 :             :         }
    1611                 :             : 
    1612                 :             : #ifndef FRONTEND
    1613                 :      137723 :         pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_NORMAL, IOOP_READ,
    1614                 :             :                                 io_start, 1, readbytes);
    1615                 :             : #endif
    1616                 :             : 
    1617                 :             :         /* Update state for read */
    1618                 :      137723 :         recptr += readbytes;
    1619                 :      137723 :         nbytes -= readbytes;
    1620                 :      137723 :         p += readbytes;
    1621                 :             :     }
    1622                 :             : 
    1623                 :      137262 :     return true;
    1624                 :             : }
    1625                 :             : 
    1626                 :             : /* ----------------------------------------
    1627                 :             :  * Functions for decoding the data and block references in a record.
    1628                 :             :  * ----------------------------------------
    1629                 :             :  */
    1630                 :             : 
    1631                 :             : /*
    1632                 :             :  * Private function to reset the state, forgetting all decoded records, if we
    1633                 :             :  * are asked to move to a new read position.
    1634                 :             :  */
    1635                 :             : static void
    1636                 :        3982 : ResetDecoder(XLogReaderState *state)
    1637                 :             : {
    1638                 :             :     DecodedXLogRecord *r;
    1639                 :             : 
    1640                 :             :     /* Reset the decoded record queue, freeing any oversized records. */
    1641         [ +  + ]:        9180 :     while ((r = state->decode_queue_head) != NULL)
    1642                 :             :     {
    1643                 :        1216 :         state->decode_queue_head = r->next;
    1644         [ +  - ]:        1216 :         if (r->oversized)
    1645                 :           0 :             pfree(r);
    1646                 :             :     }
    1647                 :        3982 :     state->decode_queue_tail = NULL;
    1648                 :        3982 :     state->decode_queue_head = NULL;
    1649                 :        3982 :     state->record = NULL;
    1650                 :             : 
    1651                 :             :     /* Reset the decode buffer to empty. */
    1652                 :        3982 :     state->decode_buffer_tail = state->decode_buffer;
    1653                 :        3982 :     state->decode_buffer_head = state->decode_buffer;
    1654                 :             : 
    1655                 :             :     /* Clear error state. */
    1656                 :        3982 :     state->errormsg_buf[0] = '\0';
    1657                 :        3982 :     state->errormsg_deferred = false;
    1658                 :        3982 : }
    1659                 :             : 
    1660                 :             : /*
    1661                 :             :  * Compute the maximum possible amount of padding that could be required to
    1662                 :             :  * decode a record, given xl_tot_len from the record's header.  This is the
    1663                 :             :  * amount of output buffer space that we need to decode a record, though we
    1664                 :             :  * might not finish up using it all.
    1665                 :             :  *
    1666                 :             :  * This computation is pessimistic and assumes the maximum possible number of
    1667                 :             :  * blocks, due to lack of better information.
    1668                 :             :  */
    1669                 :             : size_t
    1670                 :     5067723 : DecodeXLogRecordRequiredSpace(size_t xl_tot_len)
    1671                 :             : {
    1672                 :     5067723 :     size_t      size = 0;
    1673                 :             : 
    1674                 :             :     /* Account for the fixed size part of the decoded record struct. */
    1675                 :     5067723 :     size += offsetof(DecodedXLogRecord, blocks[0]);
    1676                 :             :     /* Account for the flexible blocks array of maximum possible size. */
    1677                 :     5067723 :     size += sizeof(DecodedBkpBlock) * (XLR_MAX_BLOCK_ID + 1);
    1678                 :             :     /* Account for all the raw main and block data. */
    1679                 :     5067723 :     size += xl_tot_len;
    1680                 :             :     /* We might insert padding before main_data. */
    1681                 :     5067723 :     size += (MAXIMUM_ALIGNOF - 1);
    1682                 :             :     /* We might insert padding before each block's data. */
    1683                 :     5067723 :     size += (MAXIMUM_ALIGNOF - 1) * (XLR_MAX_BLOCK_ID + 1);
    1684                 :             :     /* We might insert padding at the end. */
    1685                 :     5067723 :     size += (MAXIMUM_ALIGNOF - 1);
    1686                 :             : 
    1687                 :     5067723 :     return size;
    1688                 :             : }
    1689                 :             : 
    1690                 :             : /*
    1691                 :             :  * Decode a record.  "decoded" must point to a MAXALIGNed memory area that has
    1692                 :             :  * space for at least DecodeXLogRecordRequiredSpace(record) bytes.  On
    1693                 :             :  * success, decoded->size contains the actual space occupied by the decoded
    1694                 :             :  * record, which may turn out to be less.
    1695                 :             :  *
    1696                 :             :  * Only decoded->oversized member must be initialized already, and will not be
    1697                 :             :  * modified.  Other members will be initialized as required.
    1698                 :             :  *
    1699                 :             :  * On error, a human-readable error message is returned in *errormsg, and
    1700                 :             :  * the return value is false.
    1701                 :             :  */
    1702                 :             : bool
    1703                 :     5060584 : DecodeXLogRecord(XLogReaderState *state,
    1704                 :             :                  DecodedXLogRecord *decoded,
    1705                 :             :                  XLogRecord *record,
    1706                 :             :                  XLogRecPtr lsn,
    1707                 :             :                  char **errormsg)
    1708                 :             : {
    1709                 :             :     /*
    1710                 :             :      * read next _size bytes from record buffer, but check for overrun first.
    1711                 :             :      */
    1712                 :             : #define COPY_HEADER_FIELD(_dst, _size)          \
    1713                 :             :     do {                                        \
    1714                 :             :         if (remaining < _size)                   \
    1715                 :             :             goto shortdata_err;                 \
    1716                 :             :         memcpy(_dst, ptr, _size);               \
    1717                 :             :         ptr += _size;                           \
    1718                 :             :         remaining -= _size;                     \
    1719                 :             :     } while(0)
    1720                 :             : 
    1721                 :             :     char       *ptr;
    1722                 :             :     char       *out;
    1723                 :             :     uint32      remaining;
    1724                 :             :     uint32      datatotal;
    1725                 :     5060584 :     RelFileLocator *rlocator = NULL;
    1726                 :             :     uint8       block_id;
    1727                 :             : 
    1728                 :     5060584 :     decoded->header = *record;
    1729                 :     5060584 :     decoded->lsn = lsn;
    1730                 :     5060584 :     decoded->next = NULL;
    1731                 :     5060584 :     decoded->record_origin = InvalidReplOriginId;
    1732                 :     5060584 :     decoded->toplevel_xid = InvalidTransactionId;
    1733                 :     5060584 :     decoded->main_data = NULL;
    1734                 :     5060584 :     decoded->main_data_len = 0;
    1735                 :     5060584 :     decoded->max_block_id = -1;
    1736                 :     5060584 :     ptr = (char *) record;
    1737                 :     5060584 :     ptr += SizeOfXLogRecord;
    1738                 :     5060584 :     remaining = record->xl_tot_len - SizeOfXLogRecord;
    1739                 :             : 
    1740                 :             :     /* Decode the headers */
    1741                 :     5060584 :     datatotal = 0;
    1742         [ +  + ]:    10308096 :     while (remaining > datatotal)
    1743                 :             :     {
    1744         [ -  + ]:    10247439 :         COPY_HEADER_FIELD(&block_id, sizeof(uint8));
    1745                 :             : 
    1746         [ +  + ]:    10247439 :         if (block_id == XLR_BLOCK_ID_DATA_SHORT)
    1747                 :             :         {
    1748                 :             :             /* XLogRecordDataHeaderShort */
    1749                 :             :             uint8       main_data_len;
    1750                 :             : 
    1751         [ -  + ]:     4988491 :             COPY_HEADER_FIELD(&main_data_len, sizeof(uint8));
    1752                 :             : 
    1753                 :     4988491 :             decoded->main_data_len = main_data_len;
    1754                 :     4988491 :             datatotal += main_data_len;
    1755                 :     4988491 :             break;              /* by convention, the main data fragment is
    1756                 :             :                                  * always last */
    1757                 :             :         }
    1758         [ +  + ]:     5258948 :         else if (block_id == XLR_BLOCK_ID_DATA_LONG)
    1759                 :             :         {
    1760                 :             :             /* XLogRecordDataHeaderLong */
    1761                 :             :             uint32      main_data_len;
    1762                 :             : 
    1763         [ -  + ]:       11436 :             COPY_HEADER_FIELD(&main_data_len, sizeof(uint32));
    1764                 :       11436 :             decoded->main_data_len = main_data_len;
    1765                 :       11436 :             datatotal += main_data_len;
    1766                 :       11436 :             break;              /* by convention, the main data fragment is
    1767                 :             :                                  * always last */
    1768                 :             :         }
    1769         [ +  + ]:     5247512 :         else if (block_id == XLR_BLOCK_ID_ORIGIN)
    1770                 :             :         {
    1771         [ -  + ]:       13063 :             COPY_HEADER_FIELD(&decoded->record_origin, sizeof(ReplOriginId));
    1772                 :             :         }
    1773         [ +  + ]:     5234449 :         else if (block_id == XLR_BLOCK_ID_TOPLEVEL_XID)
    1774                 :             :         {
    1775         [ -  + ]:         652 :             COPY_HEADER_FIELD(&decoded->toplevel_xid, sizeof(TransactionId));
    1776                 :             :         }
    1777         [ +  - ]:     5233797 :         else if (block_id <= XLR_MAX_BLOCK_ID)
    1778                 :             :         {
    1779                 :             :             /* XLogRecordBlockHeader */
    1780                 :             :             DecodedBkpBlock *blk;
    1781                 :             :             uint8       fork_flags;
    1782                 :             : 
    1783                 :             :             /* mark any intervening block IDs as not in use */
    1784         [ +  + ]:     5236827 :             for (int i = decoded->max_block_id + 1; i < block_id; ++i)
    1785                 :        3030 :                 decoded->blocks[i].in_use = false;
    1786                 :             : 
    1787         [ -  + ]:     5233797 :             if (block_id <= decoded->max_block_id)
    1788                 :             :             {
    1789                 :           0 :                 report_invalid_record(state,
    1790                 :             :                                       "out-of-order block_id %u at %X/%08X",
    1791                 :             :                                       block_id,
    1792                 :           0 :                                       LSN_FORMAT_ARGS(state->ReadRecPtr));
    1793                 :           0 :                 goto err;
    1794                 :             :             }
    1795                 :     5233797 :             decoded->max_block_id = block_id;
    1796                 :             : 
    1797                 :     5233797 :             blk = &decoded->blocks[block_id];
    1798                 :     5233797 :             blk->in_use = true;
    1799                 :     5233797 :             blk->apply_image = false;
    1800                 :             : 
    1801         [ -  + ]:     5233797 :             COPY_HEADER_FIELD(&fork_flags, sizeof(uint8));
    1802                 :     5233797 :             blk->forknum = fork_flags & BKPBLOCK_FORK_MASK;
    1803                 :     5233797 :             blk->flags = fork_flags;
    1804                 :     5233797 :             blk->has_image = ((fork_flags & BKPBLOCK_HAS_IMAGE) != 0);
    1805                 :     5233797 :             blk->has_data = ((fork_flags & BKPBLOCK_HAS_DATA) != 0);
    1806                 :             : 
    1807                 :     5233797 :             blk->prefetch_buffer = InvalidBuffer;
    1808                 :             : 
    1809         [ -  + ]:     5233797 :             COPY_HEADER_FIELD(&blk->data_len, sizeof(uint16));
    1810                 :             :             /* cross-check that the HAS_DATA flag is set iff data_length > 0 */
    1811   [ +  +  -  + ]:     5233797 :             if (blk->has_data && blk->data_len == 0)
    1812                 :             :             {
    1813                 :           0 :                 report_invalid_record(state,
    1814                 :             :                                       "BKPBLOCK_HAS_DATA set, but no data included at %X/%08X",
    1815                 :           0 :                                       LSN_FORMAT_ARGS(state->ReadRecPtr));
    1816                 :           0 :                 goto err;
    1817                 :             :             }
    1818   [ +  +  -  + ]:     5233797 :             if (!blk->has_data && blk->data_len != 0)
    1819                 :             :             {
    1820                 :           0 :                 report_invalid_record(state,
    1821                 :             :                                       "BKPBLOCK_HAS_DATA not set, but data length is %d at %X/%08X",
    1822                 :           0 :                                       blk->data_len,
    1823                 :           0 :                                       LSN_FORMAT_ARGS(state->ReadRecPtr));
    1824                 :           0 :                 goto err;
    1825                 :             :             }
    1826                 :     5233797 :             datatotal += blk->data_len;
    1827                 :             : 
    1828         [ +  + ]:     5233797 :             if (blk->has_image)
    1829                 :             :             {
    1830         [ -  + ]:     2521329 :                 COPY_HEADER_FIELD(&blk->bimg_len, sizeof(uint16));
    1831         [ -  + ]:     2521329 :                 COPY_HEADER_FIELD(&blk->hole_offset, sizeof(uint16));
    1832         [ -  + ]:     2521329 :                 COPY_HEADER_FIELD(&blk->bimg_info, sizeof(uint8));
    1833                 :             : 
    1834                 :     2521329 :                 blk->apply_image = ((blk->bimg_info & BKPIMAGE_APPLY) != 0);
    1835                 :             : 
    1836         [ -  + ]:     2521329 :                 if (BKPIMAGE_COMPRESSED(blk->bimg_info))
    1837                 :             :                 {
    1838         [ #  # ]:           0 :                     if (blk->bimg_info & BKPIMAGE_HAS_HOLE)
    1839         [ #  # ]:           0 :                         COPY_HEADER_FIELD(&blk->hole_length, sizeof(uint16));
    1840                 :             :                     else
    1841                 :           0 :                         blk->hole_length = 0;
    1842                 :             :                 }
    1843                 :             :                 else
    1844                 :     2521329 :                     blk->hole_length = BLCKSZ - blk->bimg_len;
    1845                 :     2521329 :                 datatotal += blk->bimg_len;
    1846                 :             : 
    1847                 :             :                 /*
    1848                 :             :                  * cross-check that hole_offset > 0, hole_length > 0 and
    1849                 :             :                  * bimg_len < BLCKSZ if the HAS_HOLE flag is set.
    1850                 :             :                  */
    1851         [ +  + ]:     2521329 :                 if ((blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
    1852         [ +  - ]:     2493686 :                     (blk->hole_offset == 0 ||
    1853         [ +  - ]:     2493686 :                      blk->hole_length == 0 ||
    1854         [ -  + ]:     2493686 :                      blk->bimg_len == BLCKSZ))
    1855                 :             :                 {
    1856                 :           0 :                     report_invalid_record(state,
    1857                 :             :                                           "BKPIMAGE_HAS_HOLE set, but hole offset %d length %d block image length %d at %X/%08X",
    1858                 :           0 :                                           blk->hole_offset,
    1859                 :           0 :                                           blk->hole_length,
    1860                 :           0 :                                           blk->bimg_len,
    1861                 :           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1862                 :           0 :                     goto err;
    1863                 :             :                 }
    1864                 :             : 
    1865                 :             :                 /*
    1866                 :             :                  * cross-check that hole_offset == 0 and hole_length == 0 if
    1867                 :             :                  * the HAS_HOLE flag is not set.
    1868                 :             :                  */
    1869         [ +  + ]:     2521329 :                 if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
    1870   [ +  -  -  + ]:       27643 :                     (blk->hole_offset != 0 || blk->hole_length != 0))
    1871                 :             :                 {
    1872                 :           0 :                     report_invalid_record(state,
    1873                 :             :                                           "BKPIMAGE_HAS_HOLE not set, but hole offset %d length %d at %X/%08X",
    1874                 :           0 :                                           blk->hole_offset,
    1875                 :           0 :                                           blk->hole_length,
    1876                 :           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1877                 :           0 :                     goto err;
    1878                 :             :                 }
    1879                 :             : 
    1880                 :             :                 /*
    1881                 :             :                  * Cross-check that bimg_len < BLCKSZ if it is compressed.
    1882                 :             :                  */
    1883         [ -  + ]:     2521329 :                 if (BKPIMAGE_COMPRESSED(blk->bimg_info) &&
    1884         [ #  # ]:           0 :                     blk->bimg_len == BLCKSZ)
    1885                 :             :                 {
    1886                 :           0 :                     report_invalid_record(state,
    1887                 :             :                                           "BKPIMAGE_COMPRESSED set, but block image length %d at %X/%08X",
    1888                 :           0 :                                           blk->bimg_len,
    1889                 :           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1890                 :           0 :                     goto err;
    1891                 :             :                 }
    1892                 :             : 
    1893                 :             :                 /*
    1894                 :             :                  * cross-check that bimg_len = BLCKSZ if neither HAS_HOLE is
    1895                 :             :                  * set nor COMPRESSED().
    1896                 :             :                  */
    1897         [ +  + ]:     2521329 :                 if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
    1898         [ +  - ]:       27643 :                     !BKPIMAGE_COMPRESSED(blk->bimg_info) &&
    1899         [ -  + ]:       27643 :                     blk->bimg_len != BLCKSZ)
    1900                 :             :                 {
    1901                 :           0 :                     report_invalid_record(state,
    1902                 :             :                                           "neither BKPIMAGE_HAS_HOLE nor BKPIMAGE_COMPRESSED set, but block image length is %d at %X/%08X",
    1903                 :           0 :                                           blk->data_len,
    1904                 :           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1905                 :           0 :                     goto err;
    1906                 :             :                 }
    1907                 :             :             }
    1908         [ +  + ]:     5233797 :             if (!(fork_flags & BKPBLOCK_SAME_REL))
    1909                 :             :             {
    1910         [ -  + ]:     4869901 :                 COPY_HEADER_FIELD(&blk->rlocator, sizeof(RelFileLocator));
    1911                 :     4869901 :                 rlocator = &blk->rlocator;
    1912                 :             :             }
    1913                 :             :             else
    1914                 :             :             {
    1915         [ -  + ]:      363896 :                 if (rlocator == NULL)
    1916                 :             :                 {
    1917                 :           0 :                     report_invalid_record(state,
    1918                 :             :                                           "BKPBLOCK_SAME_REL set but no previous rel at %X/%08X",
    1919                 :           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1920                 :           0 :                     goto err;
    1921                 :             :                 }
    1922                 :             : 
    1923                 :      363896 :                 blk->rlocator = *rlocator;
    1924                 :             :             }
    1925         [ -  + ]:     5233797 :             COPY_HEADER_FIELD(&blk->blkno, sizeof(BlockNumber));
    1926                 :             :         }
    1927                 :             :         else
    1928                 :             :         {
    1929                 :           0 :             report_invalid_record(state,
    1930                 :             :                                   "invalid block_id %u at %X/%08X",
    1931                 :           0 :                                   block_id, LSN_FORMAT_ARGS(state->ReadRecPtr));
    1932                 :           0 :             goto err;
    1933                 :             :         }
    1934                 :             :     }
    1935                 :             : 
    1936         [ -  + ]:     5060584 :     if (remaining != datatotal)
    1937                 :           0 :         goto shortdata_err;
    1938                 :             : 
    1939                 :             :     /*
    1940                 :             :      * Ok, we've parsed the fragment headers, and verified that the total
    1941                 :             :      * length of the payload in the fragments is equal to the amount of data
    1942                 :             :      * left.  Copy the data of each fragment to contiguous space after the
    1943                 :             :      * blocks array, inserting alignment padding before the data fragments so
    1944                 :             :      * they can be cast to struct pointers by REDO routines.
    1945                 :             :      */
    1946                 :     5060584 :     out = ((char *) decoded) +
    1947                 :     5060584 :         offsetof(DecodedXLogRecord, blocks) +
    1948                 :     5060584 :         sizeof(decoded->blocks[0]) * (decoded->max_block_id + 1);
    1949                 :             : 
    1950                 :             :     /* block data first */
    1951         [ +  + ]:    10297411 :     for (block_id = 0; block_id <= decoded->max_block_id; block_id++)
    1952                 :             :     {
    1953                 :     5236827 :         DecodedBkpBlock *blk = &decoded->blocks[block_id];
    1954                 :             : 
    1955         [ +  + ]:     5236827 :         if (!blk->in_use)
    1956                 :        3030 :             continue;
    1957                 :             : 
    1958                 :             :         Assert(blk->has_image || !blk->apply_image);
    1959                 :             : 
    1960         [ +  + ]:     5233797 :         if (blk->has_image)
    1961                 :             :         {
    1962                 :             :             /* no need to align image */
    1963                 :     2521329 :             blk->bkp_image = out;
    1964                 :     2521329 :             memcpy(out, ptr, blk->bimg_len);
    1965                 :     2521329 :             ptr += blk->bimg_len;
    1966                 :     2521329 :             out += blk->bimg_len;
    1967                 :             :         }
    1968         [ +  + ]:     5233797 :         if (blk->has_data)
    1969                 :             :         {
    1970                 :     3954636 :             out = (char *) MAXALIGN(out);
    1971                 :     3954636 :             blk->data = out;
    1972                 :     3954636 :             memcpy(blk->data, ptr, blk->data_len);
    1973                 :     3954636 :             ptr += blk->data_len;
    1974                 :     3954636 :             out += blk->data_len;
    1975                 :             :         }
    1976                 :             :     }
    1977                 :             : 
    1978                 :             :     /* and finally, the main data */
    1979         [ +  + ]:     5060584 :     if (decoded->main_data_len > 0)
    1980                 :             :     {
    1981                 :     4999927 :         out = (char *) MAXALIGN(out);
    1982                 :     4999927 :         decoded->main_data = out;
    1983                 :     4999927 :         memcpy(decoded->main_data, ptr, decoded->main_data_len);
    1984                 :     4999927 :         ptr += decoded->main_data_len;
    1985                 :     4999927 :         out += decoded->main_data_len;
    1986                 :             :     }
    1987                 :             : 
    1988                 :             :     /* Report the actual size we used. */
    1989                 :     5060584 :     decoded->size = MAXALIGN(out - (char *) decoded);
    1990                 :             :     Assert(DecodeXLogRecordRequiredSpace(record->xl_tot_len) >=
    1991                 :             :            decoded->size);
    1992                 :             : 
    1993                 :     5060584 :     return true;
    1994                 :             : 
    1995                 :           0 : shortdata_err:
    1996                 :           0 :     report_invalid_record(state,
    1997                 :             :                           "record with invalid length at %X/%08X",
    1998                 :           0 :                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1999                 :           0 : err:
    2000                 :           0 :     *errormsg = state->errormsg_buf;
    2001                 :             : 
    2002                 :           0 :     return false;
    2003                 :             : }
    2004                 :             : 
    2005                 :             : /*
    2006                 :             :  * Returns information about the block that a block reference refers to.
    2007                 :             :  *
    2008                 :             :  * This is like XLogRecGetBlockTagExtended, except that the block reference
    2009                 :             :  * must exist and there's no access to prefetch_buffer.
    2010                 :             :  */
    2011                 :             : void
    2012                 :     3110873 : XLogRecGetBlockTag(XLogReaderState *record, uint8 block_id,
    2013                 :             :                    RelFileLocator *rlocator, ForkNumber *forknum,
    2014                 :             :                    BlockNumber *blknum)
    2015                 :             : {
    2016         [ -  + ]:     3110873 :     if (!XLogRecGetBlockTagExtended(record, block_id, rlocator, forknum,
    2017                 :             :                                     blknum, NULL))
    2018                 :             :     {
    2019                 :             : #ifndef FRONTEND
    2020         [ #  # ]:           0 :         elog(ERROR, "could not locate backup block with ID %d in WAL record",
    2021                 :             :              block_id);
    2022                 :             : #else
    2023                 :             :         pg_fatal("could not locate backup block with ID %d in WAL record",
    2024                 :             :                  block_id);
    2025                 :             : #endif
    2026                 :             :     }
    2027                 :     3110873 : }
    2028                 :             : 
    2029                 :             : /*
    2030                 :             :  * Returns information about the block that a block reference refers to,
    2031                 :             :  * optionally including the buffer that the block may already be in.
    2032                 :             :  *
    2033                 :             :  * If the WAL record contains a block reference with the given ID, *rlocator,
    2034                 :             :  * *forknum, *blknum and *prefetch_buffer are filled in (if not NULL), and
    2035                 :             :  * returns true.  Otherwise returns false.
    2036                 :             :  */
    2037                 :             : bool
    2038                 :     8792437 : XLogRecGetBlockTagExtended(XLogReaderState *record, uint8 block_id,
    2039                 :             :                            RelFileLocator *rlocator, ForkNumber *forknum,
    2040                 :             :                            BlockNumber *blknum,
    2041                 :             :                            Buffer *prefetch_buffer)
    2042                 :             : {
    2043                 :             :     DecodedBkpBlock *bkpb;
    2044                 :             : 
    2045   [ +  +  +  + ]:     8792437 :     if (!XLogRecHasBlockRef(record, block_id))
    2046                 :       44946 :         return false;
    2047                 :             : 
    2048                 :     8747491 :     bkpb = &record->record->blocks[block_id];
    2049         [ +  + ]:     8747491 :     if (rlocator)
    2050                 :     8684202 :         *rlocator = bkpb->rlocator;
    2051         [ +  + ]:     8747491 :     if (forknum)
    2052                 :     5583032 :         *forknum = bkpb->forknum;
    2053         [ +  + ]:     8747491 :     if (blknum)
    2054                 :     7472163 :         *blknum = bkpb->blkno;
    2055         [ +  + ]:     8747491 :     if (prefetch_buffer)
    2056                 :     3047783 :         *prefetch_buffer = bkpb->prefetch_buffer;
    2057                 :     8747491 :     return true;
    2058                 :             : }
    2059                 :             : 
    2060                 :             : /*
    2061                 :             :  * Returns the data associated with a block reference, or NULL if there is
    2062                 :             :  * no data (e.g. because a full-page image was taken instead). The returned
    2063                 :             :  * pointer points to a MAXALIGNed buffer.
    2064                 :             :  */
    2065                 :             : char *
    2066                 :     3355449 : XLogRecGetBlockData(XLogReaderState *record, uint8 block_id, Size *len)
    2067                 :             : {
    2068                 :             :     DecodedBkpBlock *bkpb;
    2069                 :             : 
    2070         [ +  - ]:     3355449 :     if (block_id > record->record->max_block_id ||
    2071         [ -  + ]:     3355449 :         !record->record->blocks[block_id].in_use)
    2072                 :           0 :         return NULL;
    2073                 :             : 
    2074                 :     3355449 :     bkpb = &record->record->blocks[block_id];
    2075                 :             : 
    2076         [ +  + ]:     3355449 :     if (!bkpb->has_data)
    2077                 :             :     {
    2078         [ +  - ]:        2195 :         if (len)
    2079                 :        2195 :             *len = 0;
    2080                 :        2195 :         return NULL;
    2081                 :             :     }
    2082                 :             :     else
    2083                 :             :     {
    2084         [ +  + ]:     3353254 :         if (len)
    2085                 :     3348999 :             *len = bkpb->data_len;
    2086                 :     3353254 :         return bkpb->data;
    2087                 :             :     }
    2088                 :             : }
    2089                 :             : 
    2090                 :             : /*
    2091                 :             :  * Restore a full-page image from a backup block attached to an XLOG record.
    2092                 :             :  *
    2093                 :             :  * Returns true if a full-page image is restored, and false on failure with
    2094                 :             :  * an error to be consumed by the caller.
    2095                 :             :  */
    2096                 :             : bool
    2097                 :     2506661 : RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
    2098                 :             : {
    2099                 :             :     DecodedBkpBlock *bkpb;
    2100                 :             :     char       *ptr;
    2101                 :             :     PGAlignedBlock tmp;
    2102                 :             : 
    2103         [ +  - ]:     2506661 :     if (block_id > record->record->max_block_id ||
    2104         [ -  + ]:     2506661 :         !record->record->blocks[block_id].in_use)
    2105                 :             :     {
    2106                 :           0 :         report_invalid_record(record,
    2107                 :             :                               "could not restore image at %X/%08X with invalid block %d specified",
    2108                 :           0 :                               LSN_FORMAT_ARGS(record->ReadRecPtr),
    2109                 :             :                               block_id);
    2110                 :           0 :         return false;
    2111                 :             :     }
    2112         [ -  + ]:     2506661 :     if (!record->record->blocks[block_id].has_image)
    2113                 :             :     {
    2114                 :           0 :         report_invalid_record(record, "could not restore image at %X/%08X with invalid state, block %d",
    2115                 :           0 :                               LSN_FORMAT_ARGS(record->ReadRecPtr),
    2116                 :             :                               block_id);
    2117                 :           0 :         return false;
    2118                 :             :     }
    2119                 :             : 
    2120                 :     2506661 :     bkpb = &record->record->blocks[block_id];
    2121                 :     2506661 :     ptr = bkpb->bkp_image;
    2122                 :             : 
    2123         [ -  + ]:     2506661 :     if (BKPIMAGE_COMPRESSED(bkpb->bimg_info))
    2124                 :             :     {
    2125                 :             :         /* If a backup block image is compressed, decompress it */
    2126                 :           0 :         bool        decomp_success = true;
    2127                 :             : 
    2128         [ #  # ]:           0 :         if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_PGLZ) != 0)
    2129                 :             :         {
    2130         [ #  # ]:           0 :             if (pglz_decompress(ptr, bkpb->bimg_len, tmp.data,
    2131                 :           0 :                                 BLCKSZ - bkpb->hole_length, true) < 0)
    2132                 :           0 :                 decomp_success = false;
    2133                 :             :         }
    2134         [ #  # ]:           0 :         else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_LZ4) != 0)
    2135                 :             :         {
    2136                 :             : #ifdef USE_LZ4
    2137         [ #  # ]:           0 :             if (LZ4_decompress_safe(ptr, tmp.data,
    2138                 :           0 :                                     bkpb->bimg_len, BLCKSZ - bkpb->hole_length) <= 0)
    2139                 :           0 :                 decomp_success = false;
    2140                 :             : #else
    2141                 :             :             report_invalid_record(record, "could not restore image at %X/%08X compressed with %s not supported by build, block %d",
    2142                 :             :                                   LSN_FORMAT_ARGS(record->ReadRecPtr),
    2143                 :             :                                   "LZ4",
    2144                 :             :                                   block_id);
    2145                 :             :             return false;
    2146                 :             : #endif
    2147                 :             :         }
    2148         [ #  # ]:           0 :         else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_ZSTD) != 0)
    2149                 :             :         {
    2150                 :             : #ifdef USE_ZSTD
    2151                 :             :             size_t      decomp_result = ZSTD_decompress(tmp.data,
    2152                 :             :                                                         BLCKSZ - bkpb->hole_length,
    2153                 :             :                                                         ptr, bkpb->bimg_len);
    2154                 :             : 
    2155                 :             :             if (ZSTD_isError(decomp_result))
    2156                 :             :                 decomp_success = false;
    2157                 :             : #else
    2158                 :           0 :             report_invalid_record(record, "could not restore image at %X/%08X compressed with %s not supported by build, block %d",
    2159                 :           0 :                                   LSN_FORMAT_ARGS(record->ReadRecPtr),
    2160                 :             :                                   "zstd",
    2161                 :             :                                   block_id);
    2162                 :           0 :             return false;
    2163                 :             : #endif
    2164                 :             :         }
    2165                 :             :         else
    2166                 :             :         {
    2167                 :           0 :             report_invalid_record(record, "could not restore image at %X/%08X compressed with unknown method, block %d",
    2168                 :           0 :                                   LSN_FORMAT_ARGS(record->ReadRecPtr),
    2169                 :             :                                   block_id);
    2170                 :           0 :             return false;
    2171                 :             :         }
    2172                 :             : 
    2173         [ #  # ]:           0 :         if (!decomp_success)
    2174                 :             :         {
    2175                 :           0 :             report_invalid_record(record, "could not decompress image at %X/%08X, block %d",
    2176                 :           0 :                                   LSN_FORMAT_ARGS(record->ReadRecPtr),
    2177                 :             :                                   block_id);
    2178                 :           0 :             return false;
    2179                 :             :         }
    2180                 :             : 
    2181                 :           0 :         ptr = tmp.data;
    2182                 :             :     }
    2183                 :             : 
    2184                 :             :     /* generate page, taking into account hole if necessary */
    2185         [ +  + ]:     2506661 :     if (bkpb->hole_length == 0)
    2186                 :             :     {
    2187                 :       25274 :         memcpy(page, ptr, BLCKSZ);
    2188                 :             :     }
    2189                 :             :     else
    2190                 :             :     {
    2191                 :     2481387 :         memcpy(page, ptr, bkpb->hole_offset);
    2192                 :             :         /* must zero-fill the hole */
    2193   [ +  +  +  -  :    13265718 :         MemSet(page + bkpb->hole_offset, 0, bkpb->hole_length);
          +  -  +  +  +  
                      + ]
    2194                 :     2481387 :         memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
    2195                 :     2481387 :                ptr + bkpb->hole_offset,
    2196                 :     2481387 :                BLCKSZ - (bkpb->hole_offset + bkpb->hole_length));
    2197                 :             :     }
    2198                 :             : 
    2199                 :     2506661 :     return true;
    2200                 :             : }
    2201                 :             : 
    2202                 :             : #ifndef FRONTEND
    2203                 :             : 
    2204                 :             : /*
    2205                 :             :  * Extract the FullTransactionId from a WAL record.
    2206                 :             :  */
    2207                 :             : FullTransactionId
    2208                 :           0 : XLogRecGetFullXid(XLogReaderState *record)
    2209                 :             : {
    2210                 :             :     /*
    2211                 :             :      * This function is only safe during replay, because it depends on the
    2212                 :             :      * replay state.  See AdvanceNextFullTransactionIdPastXid() for more.
    2213                 :             :      */
    2214                 :             :     Assert(AmStartupProcess() || !IsUnderPostmaster);
    2215                 :             : 
    2216                 :           0 :     return FullTransactionIdFromAllowableAt(TransamVariables->nextXid,
    2217                 :           0 :                                             XLogRecGetXid(record));
    2218                 :             : }
    2219                 :             : 
    2220                 :             : #endif
        

Generated by: LCOV version 2.0-1