Re: BUG #19500: pgrepack logical decoding plugin can crash assert builds via SQL decoding API

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Antonin Houska <[email protected]>
To: Srinath Reddy Sadipiralla <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Subject: Re: BUG #19500: pgrepack logical decoding plugin can crash assert builds via SQL decoding API
Date: Wed, 03 Jun 2026 09:30:21 +0200
Message-ID: <33766.1780471821@localhost> (raw)
In-Reply-To: <CAFC+b6rpgFUUiU5z_YbF3GJStNqO2Pf7eW96txw=JtEe=_WPzw@mail.gmail.com>
References: <[email protected]>
	<[email protected]>
	<CAFC+b6rpgFUUiU5z_YbF3GJStNqO2Pf7eW96txw=JtEe=_WPzw@mail.gmail.com>

Srinath Reddy Sadipiralla <[email protected]> wrote:

> Could we reject the pgrepack plugin at slot creation instead, in
> pg_create_logical_replication_slot() and the CREATE_REPLICATION_SLOT
> command, so misuse gets a clear "reserved for REPACK (CONCURRENTLY)"
> error up front, before any decoding? REPACK creates its slot directly via
> ReplicationSlotCreate(), so it's unaffected, and the begin-callback check
> with magic guard can stay as the internal safety net.
> Happy to be told this isn't worth special-casing :)

Another possible approach: restrict the use of the plugin to the REPACK
decoding worker.

-- 
Antonin Houska
Web: https://www.cybertec-postgresql.com



Attachments:

  [text/x-diff] repack_reserve_plugin_name.diff (2.3K, 2-repack_reserve_plugin_name.diff)
  download | inline diff:
diff --git a/src/backend/commands/repack_worker.c b/src/backend/commands/repack_worker.c
index b6b7b604b4f..5213b1e050f 100644
--- a/src/backend/commands/repack_worker.c
+++ b/src/backend/commands/repack_worker.c
@@ -28,8 +28,6 @@
 #include "tcop/tcopprot.h"
 #include "utils/memutils.h"
 
-#define REPL_PLUGIN_NAME   "pgrepack"
-
 static void RepackWorkerShutdown(int code, Datum arg);
 static LogicalDecodingContext *repack_setup_logical_decoding(Oid relid);
 static void repack_cleanup_logical_decoding(LogicalDecodingContext *ctx);
@@ -228,7 +226,7 @@ repack_setup_logical_decoding(Oid relid)
 	 * Neither prepare_write nor do_write callback nor update_progress is
 	 * useful for us.
 	 */
-	ctx = CreateInitDecodingContext(REPL_PLUGIN_NAME,
+	ctx = CreateInitDecodingContext(REPACK_PLUGIN_NAME,
 									NIL,
 									true,
 									true,
diff --git a/src/backend/replication/logical/logical.c b/src/backend/replication/logical/logical.c
index 3541fc793e4..572bed7b4d1 100644
--- a/src/backend/replication/logical/logical.c
+++ b/src/backend/replication/logical/logical.c
@@ -31,6 +31,7 @@
 #include "access/xact.h"
 #include "access/xlog_internal.h"
 #include "access/xlogutils.h"
+#include "commands/repack.h"
 #include "fmgr.h"
 #include "miscadmin.h"
 #include "pgstat.h"
@@ -351,6 +352,16 @@ CreateInitDecodingContext(const char *plugin,
 	if (plugin == NULL)
 		elog(ERROR, "cannot initialize logical decoding without a specified plugin");
 
+	/*
+	 * Plugin for REPACK (CONCURRENTLY) is not designed for other uses, such
+	 * as the SQL interface. Use the fact that REPACK uses background worker
+	 * for the decoding.
+	 */
+	if (strcmp(plugin, REPACK_PLUGIN_NAME) == 0 && !AmRepackWorker())
+		ereport(ERROR,
+				errmsg("The \"%s\" decoder plugin may only be called by %s.",
+					   REPACK_PLUGIN_NAME, "REPACK (CONCURRENTLY)"));
+
 	/* Make sure the passed slot is suitable. These are user facing errors. */
 	if (SlotIsPhysical(slot))
 		ereport(ERROR,
diff --git a/src/include/commands/repack.h b/src/include/commands/repack.h
index 45e5440a311..1d5e9dbbe01 100644
--- a/src/include/commands/repack.h
+++ b/src/include/commands/repack.h
@@ -35,6 +35,8 @@ typedef struct ClusterParams
 	uint32		options;		/* bitmask of CLUOPT_* */
 } ClusterParams;
 
+#define REPACK_PLUGIN_NAME   "pgrepack"
+
 extern PGDLLIMPORT volatile sig_atomic_t RepackMessagePending;

view thread (14+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: BUG #19500: pgrepack logical decoding plugin can crash assert builds via SQL decoding API
  In-Reply-To: <33766.1780471821@localhost>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox