Re: Fix a server crash problem from pg_get_database_ddl

Andrew Dunstan <andrew@dunslane.net>

From: Andrew Dunstan <andrew@dunslane.net>
To: SATYANARAYANA NARLAPURAM <satyanarlapuram@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, Chao Li <li.evan.chao@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, Japin Li <japinli@hotmail.com>
Date: 2026-04-26T14:50:10Z
Lists: pgsql-hackers
On 2026-04-23 Th 2:47 AM, SATYANARAYANA NARLAPURAM wrote:
>
>
>
>     Thanks for printing out that. Yes, they are similar.
>
>     I agree with what Tom said in [2]:
>     ```
>     This is not a bug. This is a superuser intentionally breaking
>     the system by corrupting the catalogs. There are any number
>     of ways to cause trouble with ill-advised manual updates to a
>     catalog table. Try, eg, "DELETE FROM pg_proc" (... but not in
>     a database you care about).
>     ```
>
>     So, let me take back this patch.
>
>     [2]
>     https://www.postgresql.org/message-id/1538113.1768921841@sss.pgh.pa.us
>
>
> In this case, it is a very corner case but not something superuser 
> intentionally breaks.
> For example, a concurrent tablespace drop + database ddl to assign a 
> different tablespace or default.
> We aren't acquiring Access Share lock on the DB in this function 
> (intentional) so it is a good practice
> to do the null checks. Of course, it makes more sense to add this 
> comment while doing a code review.
> I will let Tom and others chime in with their thoughts on fixing this.
>
> Attached an injection point test to show the race. Not intended to commit.
>
>

I agree if there's a race condition we should protect against it. I 
don't much like the idea of silently ignoring it, though. Raising an 
error seems more like the right thing to do.


cheers


andrew

--
Andrew Dunstan
EDB:https://www.enterprisedb.com

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Avoid SIGSEGV in pg_get_database_ddl() on NULL tablespace