Thread
-
[PATCH] Fix NULL dereference in subscription REFRESH on concurrent DROP
SATYANARAYANA NARLAPURAM <satyanarlapuram@gmail.com> — 2026-05-24T07:57:11Z
Hi Hackers, ALTER SUBSCRIPTION ... REFRESH PUBLICATION may crash if a subscribed table (or sequence) is dropped concurrently. In check_publications_origin_tables(), the function iterates over subrel_local_oids without holding locks on the individual relations. If a table is dropped by another session between when the OID list was collected and when get_rel_name() is called, it returns NULL. That NULL is then passed to quote_literal_cstr(), which dereferences it unconditionally, causing a segfault. The same pattern exists in check_publications_origin_sequences() as well. Attached a patch to fix this by doing a null check after get_rel_name() and get_namespace_name(), and skip the relation if it's gone. Thanks, Satya