Re: Prevent crash when calling pgstat functions with unregistered stats kind
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Cc: Ewan Young <kdbase.hack@gmail.com>, pgsql-hackers@lists.postgresql.org
Date: 2026-07-02T04:10:18Z
Lists: pgsql-hackers
On Thu, Jul 02, 2026 at 04:06:01AM +0000, Bertrand Drouvot wrote: > I agree that the responsibility should primarily be in the extension. However, > the issue is that the NULL dereference happens inside core code (pgstat_prep_pending_entry, > etc.), and the resulting segfault(s) cause the postmaster to terminate all > backends (not just the offending session). > > Given that one misconfigured extension can crash all connections on the server, > a defensive check in core seems reasonable (kind of similar to 341e9a05e7b). Nope, this was a different thing, doable in a couple of steps: - Load the library. - Write custom stats. - Stop the server, flush the stats. - Edit the configuration, not loading the library. - Restart the server, loading failed. The problem of this thread ought to be blocked at its source, in the extension itself: let's not give free hands to an extension to do what it should not be allowed to do. There is a similar defense in test_custom_rmgrs, as one example. We should just map to that. -- Michael
Commits
-
test_custom_stats: Fail if loading module outside shared_preload_libraries
- 7838efe9a2d1 19 (unreleased) landed
- 5045d9ff3b5a master landed