Fix set of issues with memory-allocation system calls in frontend code

Like the backend, the frontend has wrappers on top of malloc() and such
whose use is recommended.  Particularly, it is possible to do memory
allocation without issuing an error.  Some binaries missed the use of
those wrappers, so let's fix the gap for consistency.

This also fixes two latent bugs:
- In pg_dump/pg_dumpall when parsing an ACL item, on an out-of-memory
error for strdup(), the code considered the failure as a ACL parsing
problem instead of an actual OOM.
- In pg_waldump, an OOM when building the target directory string would
cause a crash.

Author: Daniel Gustafsson
Discussion: https://postgr.es/m/gY0y9xenfoBPc-Tufsr2Zg-MmkrJslm0Tw_CMg4p_j58-k_PXNC0klMdkKQkg61BkXC9_uWo-DcUzfxnHqpkpoR5jjVZrPHqKYikcHIiONhg=@yesql.se

Author: michaelpq

src/bin/pg_ctl/pg_ctl.c

@@ -1979,7 +1979,8 @@ GetPrivilegesToDelete(HANDLE hToken)
 		return NULL;
 	}
 
-	tokenPrivs = (PTOKEN_PRIVILEGES) malloc(length);
+	tokenPrivs = (PTOKEN_PRIVILEGES) pg_malloc_extended(length,
+														MCXT_ALLOC_NO_OOM);
 	if (tokenPrivs == NULL)
 	{
 		write_stderr(_("%s: out of memory\n"), progname);

src/bin/pg_dump/dumputils.c

@@ -481,15 +481,13 @@ parseAclItem(const char *item, const char *type,
 	char	   *slpos;
 	char	   *pos;
 
-	buf = strdup(item);
-	if (!buf)
-		return false;
+	buf = pg_strdup(item);
 
 	/* user or group name is string up to = */
 	eqpos = copyAclUserName(grantee, buf);
 	if (*eqpos != '=')
 	{
-		free(buf);
+		pg_free(buf);
 		return false;
 	}
 
@@ -501,13 +499,13 @@ parseAclItem(const char *item, const char *type,
 		slpos = copyAclUserName(grantor, slpos);
 		if (*slpos != '\0')
 		{
-			free(buf);
+			pg_free(buf);
 			return false;
 		}
 	}
 	else
 	{
-		free(buf);
+		pg_free(buf);
 		return false;
 	}
 
@@ -617,7 +615,7 @@ do { \
 			appendPQExpBuffer(privs, "(%s)", subname);
 	}
 
-	free(buf);
+	pg_free(buf);
 
 	return true;
 }

src/bin/pg_test_fsync/pg_test_fsync.c

@@ -170,7 +170,7 @@ handle_args(int argc, char *argv[])
 		switch (option)
 		{
 			case 'f':
-				filename = strdup(optarg);
+				filename = pg_strdup(optarg);
 				break;
 
 			case 's':

src/bin/pg_waldump/pg_waldump.c

@@ -247,15 +247,15 @@ identify_target_directory(XLogDumpPrivate *private, char *directory,
 	{
 		if (search_directory(directory, fname))
 		{
-			private->inpath = strdup(directory);
+			private->inpath = pg_strdup(directory);
 			return;
 		}
 
 		/* directory / XLOGDIR */
 		snprintf(fpath, MAXPGPATH, "%s/%s", directory, XLOGDIR);
 		if (search_directory(fpath, fname))
 		{
-			private->inpath = strdup(fpath);
+			private->inpath = pg_strdup(fpath);
 			return;
 		}
 	}
@@ -266,13 +266,13 @@ identify_target_directory(XLogDumpPrivate *private, char *directory,
 		/* current directory */
 		if (search_directory(".", fname))
 		{
-			private->inpath = strdup(".");
+			private->inpath = pg_strdup(".");
 			return;
 		}
 		/* XLOGDIR */
 		if (search_directory(XLOGDIR, fname))
 		{
-			private->inpath = strdup(XLOGDIR);
+			private->inpath = pg_strdup(XLOGDIR);
 			return;
 		}
 
@@ -283,7 +283,7 @@ identify_target_directory(XLogDumpPrivate *private, char *directory,
 			snprintf(fpath, MAXPGPATH, "%s/%s", datadir, XLOGDIR);
 			if (search_directory(fpath, fname))
 			{
-				private->inpath = strdup(fpath);
+				private->inpath = pg_strdup(fpath);
 				return;
 			}
 		}

src/bin/psql/large_obj.c

@@ -200,7 +200,7 @@ do_lo_import(const char *filename_arg, const char *comment_arg)
 		char	   *bufptr;
 		size_t		slen = strlen(comment_arg);
 
-		cmdbuf = malloc(slen * 2 + 256);
+		cmdbuf = pg_malloc_extended(slen * 2 + 256, MCXT_ALLOC_NO_OOM);
 		if (!cmdbuf)
 			return fail_lo_xact("\\lo_import", own_transaction);
 		sprintf(cmdbuf, "COMMENT ON LARGE OBJECT %u IS '", loid);