Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wbjQM-002ndB-1h for pgsql-bugs@arkaria.postgresql.org; Mon, 22 Jun 2026 18:31:10 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wbjQI-007XMZ-2Q for pgsql-bugs@arkaria.postgresql.org; Mon, 22 Jun 2026 18:31:06 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wbjQI-007XMR-1c for pgsql-bugs@lists.postgresql.org; Mon, 22 Jun 2026 18:31:06 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wbjQB-00000001nQb-1tko for pgsql-bugs@lists.postgresql.org; Mon, 22 Jun 2026 18:31:04 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.18.1/8.18.1) with ESMTP id 65MIUsOY592840; Mon, 22 Jun 2026 14:30:54 -0400 From: Tom Lane To: Laurenz Albe cc: =?ISO-8859-1?Q?H=FCseyin?= Demir , Greg Sabino Mullane , pgsql-bugs@lists.postgresql.org Subject: Re: BUG #19483: pg_upgrade fails with orphan records in pg_init_priv catalog table In-reply-to: <0d7531c192859057c6aad54c89a8d453376bd00c.camel@cybertec.at> References: <19483-80de42dc4e62cfd6@postgresql.org> <104812.1780847519@sss.pgh.pa.us> <5184088806e70ed5db7e83bd6540a016b3802c1d.camel@cybertec.at> <0d7531c192859057c6aad54c89a8d453376bd00c.camel@cybertec.at> Comments: In-reply-to Laurenz Albe message dated "Mon, 22 Jun 2026 19:23:38 +0200" MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0" Content-ID: <592791.1782152994.0@sss.pgh.pa.us> Date: Mon, 22 Jun 2026 14:30:54 -0400 Message-ID: <592839.1782153054@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk ------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <592791.1782152994.1@sss.pgh.pa.us> Laurenz Albe writes: > Since there have been very few reports of this problem, the question > remains if we need this patch at all, or of it should be backpatched. > My opinion is that it should; every upgrade or restore failure is > one too many. I have a more pressing concern: has any performance testing been done on this? It looks like it'd be absolutely catastrophic for pg_dump performance on databases with lots of objects. The implementation direction I'd been vaguely imagining was for pg_dump's buildACLCommands() to drop any AclItems that contain dangling role references (ie, numeric OIDs where a role name should be). If the given role name contains any non-digit characters then it's certainly not dangling, so most of the time this'd be a very cheap check. However, if somebody does CREATE USER "007"; GRANT ALL ON TABLE mi6_operations TO "007"; we mustn't get fooled by that. The backend is doing us no favors by not making numeric OIDs visibly different from all-digit role names in AclItems. In HEAD I'd advocate fixing that on the server side (as attached), but we can't assume that a back-branch server has such a fix. What we could do with an old server is issue a query (once per pg_dump run) to collect all the valid all-digit role names, which should surely be a short list in most databases, and then filter against that within buildACLCommands(). regards, tom lane ------- =_aaaaaaaaaa0 Content-Type: text/x-diff; name="quote-all-digit-role-names-in-aclitemout.patch"; charset="us-ascii" Content-ID: <592791.1782152994.2@sss.pgh.pa.us> Content-Description: quote-all-digit-role-names-in-aclitemout.patch diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index 01caa12eca7..84803351f18 100644 --- a/src/backend/utils/adt/acl.c +++ b/src/backend/utils/adt/acl.c @@ -235,6 +235,10 @@ putid(char *p, const char *s) break; } } + /* If name is all-digits, quote it to distinguish from lookup failure */ + if (safe && strspn(s, "0123456789") == strlen(s)) + safe = false; + if (!safe) *p++ = '"'; for (src = s; *src; src++) ------- =_aaaaaaaaaa0--