[PATCH] Fix NULL dereference in subscription REFRESH on concurrent DROP
SATYANARAYANA NARLAPURAM <satyanarlapuram@gmail.com>
From: SATYANARAYANA NARLAPURAM <satyanarlapuram@gmail.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-05-24T07:57:11Z
Lists: pgsql-hackers
Attachments
- 0001-fix-null-deref-in-subscription-refresh-on-concurrent-drop.patch (application/octet-stream)
Hi Hackers, ALTER SUBSCRIPTION ... REFRESH PUBLICATION may crash if a subscribed table (or sequence) is dropped concurrently. In check_publications_origin_tables(), the function iterates over subrel_local_oids without holding locks on the individual relations. If a table is dropped by another session between when the OID list was collected and when get_rel_name() is called, it returns NULL. That NULL is then passed to quote_literal_cstr(), which dereferences it unconditionally, causing a segfault. The same pattern exists in check_publications_origin_sequences() as well. Attached a patch to fix this by doing a null check after get_rel_name() and get_namespace_name(), and skip the relation if it's gone. Thanks, Satya