Hi Hackers, ALTER SUBSCRIPTION ... REFRESH PUBLICATION may crash if a subscribed table (or sequence) is dropped concurrently.
In check_publications_origin_tables(), the function iterates over subrel_local_oids without holding locks on the individual relations. If a table is dropped by another session between when the OID list was collected and when get_rel_name() is called, it returns NULL. That NULL is then passed to quote_literal_cstr(), which dereferences it unconditionally, causing a segfault. The same pattern exists in check_publications_origin_sequences() as well. Attached a patch to fix this by doing a null check after get_rel_name() and get_namespace_name(), and skip the relation if it's gone. Thanks, Satya
0001-fix-null-deref-in-subscription-refresh-on-concurrent-drop.patch
Description: Binary data
