Thread

  1. [PATCH] Fix NULL dereference in subscription REFRESH on concurrent DROP

    SATYANARAYANA NARLAPURAM <satyanarlapuram@gmail.com> — 2026-05-24T07:57:11Z

    Hi Hackers,
    
    ALTER SUBSCRIPTION ... REFRESH PUBLICATION may crash if a
    subscribed table (or sequence) is dropped concurrently.
    
    In check_publications_origin_tables(), the function iterates over
    subrel_local_oids without holding locks on the individual relations.
    If a table is dropped by another session between when the OID list was
    collected and when get_rel_name() is called, it returns NULL.  That
    NULL is then passed to quote_literal_cstr(), which dereferences it
    unconditionally, causing a segfault. The same pattern exists in
    check_publications_origin_sequences() as well.
    
    Attached a patch to fix this by doing a null check after get_rel_name() and
    get_namespace_name(), and skip the relation if it's gone.
    
    Thanks,
    Satya