From: Antonin Houska
To: Srinath Reddy Sadipiralla
cc: alvherre@kurilemu.de, n.kalinin@postgrespro.ru, pgsql-bugs@lists.postgresql.org, b@ida.kurilemu.internal
Subject: Re: BUG #19500: pgrepack logical decoding plugin can crash assert builds via SQL decoding API
Comments: In-reply-to Srinath Reddy Sadipiralla message dated "Wed, 03 Jun 2026 11:21:17 +0530."
X-Mailer: MH-E 8.6+git; nmh 1.8; GNU Emacs 28.3
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Date: Wed, 03 Jun 2026 09:30:21 +0200
Message-ID: <33766.1780471821@localhost>

--=-=-=
Content-Type: text/plain

Srinath Reddy Sadipiralla wrote:

> Could we reject the pgrepack plugin at slot creation instead, in
> pg_create_logical_replication_slot() and the CREATE_REPLICATION_SLOT
> command, so misuse gets a clear "reserved for REPACK (CONCURRENTLY)"
> error up front, before any decoding? REPACK creates its slot directly via
> ReplicationSlotCreate(), so it's unaffected, and the begin-callback check
> with magic guard can stay as the internal safety net.
> Happy to be told this isn't worth special-casing :)

Another possible approach: restrict the use of the plugin to the REPACK
decoding worker.

-- 
Antonin Houska
Web: https://www.cybertec-postgresql.com

--=-=-=
Content-Type: text/x-diff
Content-Disposition: attachment; filename=repack_reserve_plugin_name.diff

diff --git a/src/backend/commands/repack_worker.c b/src/backend/commands/repack_worker.c index b6b7b604b4f..5213b1e050f 100644 --- a/src/backend/commands/repack_worker.c +++ b/src/backend/commands/repack_worker.c 
@@ -28,8 +28,6 @@ #include "tcop/tcopprot.h" #include "utils/memutils.h" -#define REPL_PLUGIN_NAME "pgrepack" - static void RepackWorkerShutdown(int code, Datum arg); static LogicalDecodingContext *repack_setup_logical_decoding(Oid relid); static void repack_cleanup_logical_decoding(LogicalDecodingContext *ctx); @@ -228,7 +226,7 @@ repack_setup_logical_decoding(Oid relid) * Neither prepare_write nor do_write callback nor update_progress is * useful for us. */ - ctx = CreateInitDecodingContext(REPL_PLUGIN_NAME, + ctx = CreateInitDecodingContext(REPACK_PLUGIN_NAME, NIL, true, true, diff --git a/src/backend/replication/logical/logical.c b/src/backend/replication/logical/logical.c index 3541fc793e4..572bed7b4d1 100644 --- a/src/backend/replication/logical/logical.c +++ b/src/backend/replication/logical/logical.c @@ -31,6 +31,7 @@ #include "access/xact.h" #include "access/xlog_internal.h" #include "access/xlogutils.h" +#include "commands/repack.h" #include "fmgr.h" #include "miscadmin.h" #include "pgstat.h" @@ -351,6 +352,16 @@ CreateInitDecodingContext(const char *plugin, if (plugin == NULL) elog(ERROR, "cannot initialize logical decoding without a specified plugin"); + /* + * Plugin for REPACK (CONCURRENTLY) is not designed for other uses, such + * as the SQL interface. Use the fact that REPACK uses background worker + * for the decoding. + */ + if (strcmp(plugin, REPACK_PLUGIN_NAME) == 0 && !AmRepackWorker()) + ereport(ERROR, + errmsg("The \"%s\" decoder plugin may only be called by %s.", + REPACK_PLUGIN_NAME, "REPACK (CONCURRENTLY)")); + /* Make sure the passed slot is suitable. These are user facing errors. */ if (SlotIsPhysical(slot)) ereport(ERROR, diff --git a/src/include/commands/repack.h b/src/include/commands/repack.h index 45e5440a311..1d5e9dbbe01 100644 --- a/src/include/commands/repack.h +++ b/src/include/commands/repack.h 
@@ -35,6 +35,8 @@ typedef struct ClusterParams uint32 options; /* bitmask of CLUOPT_* */ } ClusterParams; +#define REPACK_PLUGIN_NAME "pgrepack" + extern PGDLLIMPORT volatile sig_atomic_t RepackMessagePending; --=-=-=--
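
Review bot: In the logical.c hunk at CreateInitDecodingContext(), the guard is an exact strcmp(plugin, REPACK_PLUGIN_NAME) == 0, so it fires only when the caller passes the literal string "pgrepack"; if the plugin argument can refer to the same library in any other form, the check is skipped. Either make the test after the plugin has been resolved, or keep the begin-callback check mentioned upthread as the backstop and say so in the comment. The comment should also state whether decoding from an already existing slot is covered, since this hunk touches only the initialization path. Separately, the ereport() carries no errcode(), and the message "The \"%s\" decoder plugin may only be called by %s." starts with a capital and ends with a period, unlike the elog() message just above it; an errcode such as ERRCODE_FEATURE_NOT_SUPPORTED and a lower-case message without the trailing period would match the surrounding user-facing errors.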
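
Review bot: In the repack.h hunk, REPACK_PLUGIN_NAME is added between the ClusterParams typedef and the RepackMessagePending declaration without any comment. Since logical.c now includes commands/repack.h for this macro and treats the name as reserved, add a one-line comment saying that it is the output plugin name used by REPACK (CONCURRENTLY) and that CreateInitDecodingContext() checks it, so a later rename or a second user of the name is not made without looking at that check.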