SPI_cursor_open failed to enforce that only read-only queries could be

executed in read_only mode.  This could lead to various relatively-subtle
failures, such as an allegedly stable function returning non-stable results.
Bug goes all the way back to the introduction of read-only mode in 8.0.
Per report from Gaetano Mendola.

diff --git a/src/backend/executor/spi.c b/src/backend/executor/spi.c
index 3166cf8d03fbb9ee55b8ee4602257bc7f28f7476..27aafb1a848e685551f5a36487eda3b4957f98a8 100644 (file)
--- a/src/backend/executor/spi.c
+++ b/src/backend/executor/spi.c
@@ -870,6 +870,26 @@ SPI_cursor_open(const char *name, void *plan,
        if (list_length(qtlist) != list_length(ptlist))
                elog(ERROR, "corrupted SPI plan lists");
 
+       /*
+        * If told to be read-only, we'd better check for read-only queries.
+        */
+       if (read_only)
+       {
+               ListCell   *lc;
+
+               foreach(lc, qtlist)
+               {
+                       Query  *qry = (Query *) lfirst(lc);
+
+                       if (!QueryIsReadOnly(qry))
+                               ereport(ERROR,
+                                               (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+                                                /* translator: %s is a SQL statement name */
+                                                errmsg("%s is not allowed in a non-volatile function",
+                                                               CreateQueryTag(qry))));
+               }
+       }
+
        /* Reset SPI result (note we deliberately don't touch lastoid) */
        SPI_processed = 0;
        SPI_tuptable = NULL;