[PATCH] Fix NULL dereference in subscription REFRESH on concurrent DROP

SATYANARAYANA NARLAPURAM <satyanarlapuram@gmail.com>

From: SATYANARAYANA NARLAPURAM <satyanarlapuram@gmail.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-05-24T07:57:11Z
Lists: pgsql-hackers

Hi Hackers,

ALTER SUBSCRIPTION ... REFRESH PUBLICATION may crash if a
subscribed table (or sequence) is dropped concurrently.

In check_publications_origin_tables(), the function iterates over
subrel_local_oids without holding locks on the individual relations.
If a table is dropped by another session between when the OID list was
collected and when get_rel_name() is called, it returns NULL.  That
NULL is then passed to quote_literal_cstr(), which dereferences it
unconditionally, causing a segfault. The same pattern exists in
check_publications_origin_sequences() as well.

Attached is a patch to fix this by doing a null check after get_rel_name() and
get_namespace_name(), and skipping the relation if it's gone.

Thanks,
Satya
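
The pattern described in the message above, as a self-contained model added here for illustration; it is not the attached patch and not PostgreSQL source. `model_rel_name`, `append_literal`, `build_filter` and the catalog contents are hypothetical stand-ins for the name lookup, the quoting call and the loop over the collected OID list, and the model uses a single lookup where the post mentions two.

```c
#include <string.h>

/* Constructed catalog: OID 16385 is in the caller's list but was dropped. */
typedef struct { unsigned oid; const char *rel; } CatRow;
static const CatRow catalog[] = { {16384, "orders"}, {16386, "o'brien"} };

/* Hypothetical stand-in for a name lookup: NULL once the relation is gone. */
static const char *model_rel_name(unsigned oid)
{
    for (size_t i = 0; i < sizeof catalog / sizeof catalog[0]; i++)
        if (catalog[i].oid == oid)
            return catalog[i].rel;
    return NULL;
}

/* Quotes src; reads it unconditionally, so the caller must filter out NULL. */
static size_t append_literal(char *dst, size_t len, const char *src)
{
    dst[len++] = '\'';
    for (; *src; src++) {
        if (*src == '\'')
            dst[len++] = '\'';      /* double embedded quotes */
        dst[len++] = *src;
    }
    dst[len++] = '\'';
    return len;
}

/* Returns how many vanished relations were skipped, -1 if out is too small. */
int build_filter(const unsigned *oids, size_t n, char *out, size_t cap)
{
    size_t len = 0;
    int skipped = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        const char *rel = model_rel_name(oids[i]);
        if (rel == NULL) {          /* dropped concurrently: skip it */
            skipped++;
            continue;
        }
        if (len + 2 * strlen(rel) + 4 > cap)    /* worst case: all quotes */
            return -1;
        if (len) out[len++] = ',';
        len = append_literal(out, len, rel);
        out[len] = '\0';
    }
    return skipped;
}
```

Removing the `rel == NULL` branch reproduces the crash class from the report: the stale OID reaches `append_literal`, which dereferences the NULL pointer.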