Check the snapshot argument of index_beginscan and family

Passing a NULL snapshot (InvalidSnapshot) is going to work but only as long
as the index can't find any matching rows.  This can be confusing for
the extension authors, so add an explicit check for this argument.  The check
is implemented with Assert() in order to avoid overhead in release builds.

Reported-by: Sven Klemm
Discussion: https://postgr.es/m/CAJ7c6TPxitD4vbKyP-mpmC1XwyHdPPqvjLzm%2BVpB88h8LGgneQ%40mail.gmail.com
Author: Aleksander Alekseev
Reviewed-by: Pavel Borisov

diff --git a/src/backend/access/index/indexam.c b/src/backend/access/index/indexam.c
index fe80b8b0bac026b47d3c954f55f3bada7b6b1863..dc303995e5bce367dddcfa96750af79a98533c19 100644 (file)
--- a/src/backend/access/index/indexam.c
+++ b/src/backend/access/index/indexam.c
@@ -209,6 +209,8 @@ index_beginscan(Relation heapRelation,
 {
        IndexScanDesc scan;
 
+       Assert(snapshot != InvalidSnapshot);
+
        scan = index_beginscan_internal(indexRelation, nkeys, norderbys, snapshot, NULL, false);
 
        /*
@@ -237,6 +239,8 @@ index_beginscan_bitmap(Relation indexRelation,
 {
        IndexScanDesc scan;
 
+       Assert(snapshot != InvalidSnapshot);
+
        scan = index_beginscan_internal(indexRelation, nkeys, 0, snapshot, NULL, false);
 
        /*
@@ -403,6 +407,8 @@ index_parallelscan_estimate(Relation indexRelation, Snapshot snapshot)
 {
        Size            nbytes;
 
+       Assert(snapshot != InvalidSnapshot);
+
        RELATION_CHECKS;
 
        nbytes = offsetof(ParallelIndexScanDescData, ps_snapshot_data);
@@ -437,6 +443,8 @@ index_parallelscan_initialize(Relation heapRelation, Relation indexRelation,
 {
        Size            offset;
 
+       Assert(snapshot != InvalidSnapshot);
+
        RELATION_CHECKS;
 
        offset = add_size(offsetof(ParallelIndexScanDescData, ps_snapshot_data),