Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wVNk6-001v64-39 for pgsql-bugs@arkaria.postgresql.org; Fri, 05 Jun 2026 06:09:19 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wVNk5-00AQs4-2m for pgsql-bugs@arkaria.postgresql.org; Fri, 05 Jun 2026 06:09:17 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wVNk5-00AQrv-1c for pgsql-bugs@lists.postgresql.org; Fri, 05 Jun 2026 06:09:17 +0000 Received: from mail-ua1-x933.google.com ([2607:f8b0:4864:20::933]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wVNk3-00000001Bpn-2y7p for pgsql-bugs@lists.postgresql.org; Fri, 05 Jun 2026 06:09:16 +0000 Received: by mail-ua1-x933.google.com with SMTP id a1e0cc1a2514c-963f63fe025so446228241.0 for ; Thu, 04 Jun 2026 23:09:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1780639755; cv=none; d=google.com; s=arc-20240605; b=d+n2grl4q6g6n12yOSyPZBYYF/Ut24AXPxuk69ZVvv1yazG1p2U0LthJuMwlghjso3 aM4HMNhkIjI8xn2nFSxDc8Hae25PAOUE5j0iCfI4ctxWhlCNcYiaEmtLGfxf6eeyn0IX wRclceYUiZQxR29iArXujMNNnNgPvRmWxV1wvHoG1JVVrUj6/OXc3lR3k1j7uIQ1+2o8 ZjACI+5pzavFoo9qF7I5DTz9917p3/qdnmRcqm+pMIF6FRHpkQLy6uCEH4rEkzaAg3HP TNr/Y6JEO8ih3sogxuQjcnCo8RVCHogPkxcnKoxpSbVuf1GC9J8v7QgHiZDWabPnkWF1 qO/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=0hOIvmSxDMZVYkBj3d4JdeIDTDaDAvOd9Macx3mCDtc=; fh=JtWUetVXkxmzt9C2mXORw+BmtAKfARm8jt6Rv2+4nwc=; b=bndOx6yPfmWvlTdDwTRJVbp5rm8QaYynWpXUcFom7ovLHggmCyEIohuqM950oy4OoZ Iv3c9aSMHEBiPymnaYV4m1Or52spfVx9ZTZl02CqOUT0WYQOmIyHu1lHUWJRnJ9chPo0 cOBgNywCJUm6VCboQupV2KASNDWxKL/ur6wQDusY3sv0O0Gth0ITQoadw1Q9GQP/GSfE ibxcRkgo/tW+hg4ySJpP7KKTYYuYPrFSa5X/tBJgMWApF3PLfXnd679JKXcrfuDX7fDT 3o7NWL3bpppQmjC5SUSTlf3TKXQvFhE6ikpH994cC5d3QLVL/whKJqBle8XG0e+z2iJR /4wA==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780639755; x=1781244555; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=0hOIvmSxDMZVYkBj3d4JdeIDTDaDAvOd9Macx3mCDtc=; b=O9sdEoFpxxy6/Brs/+RqH3cGO6qEn6vAfRlTW9lVZ7buoWD+WryfKni5T07U205jvE kYU/17YvwsLKcRf+n2zkGsZTwaaEaYcZOtl+za2lKQ6cuX9T1BmlXnErZMHQW3xe225p UUJi6twy6JnaO374xt6TZwfP7yf8gisSqsAKbzOGGXODL1e4Og6s2XvBQsE7A9YtMz0Y +zenymdghNfOv1a7unG5lLbYed0QOWsOhDEu4dz+6tFAUTxftiXOXcMukj1xFHzDb5ax OKRUbowprsTGnEZc00FC2bjBTW+fmgmkX/URLWIZFiHlzBWVDhPSNhwNuAwuDRD78E9F tGXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780639755; x=1781244555; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=0hOIvmSxDMZVYkBj3d4JdeIDTDaDAvOd9Macx3mCDtc=; b=dPZMaE0hocrjWO8Rhp7oracgBi506X7exWNS1v1o3g3rRMDKLJ5czICzeGwpK+PZm/ /5lY707F3DHKkRBz7f41le7OyIPTA1r8SZVmewg87El1Eq4D/g2PbGE2pO4Pn7x0YMFx 88daKSm37aL0OqPmv638K+k55WTwrudzmdJN1Ao34X7bFwHqVHZfHp9cs8CWvJ6OOMMZ K5p3qtbwqiin8iqDAA1SdiutxHByS1iD2g+XsGWnVYC5K8C1GerlCpYwwTzpE2BXA/fr Z0owPcNNiqReCnu6H3nl+qc1S8V07Qzpb15478IEDXLVX2vQF2dLZku9RyiNr2XHh5zG Fsng== X-Forwarded-Encrypted: i=1; AFNElJ/+okdgUj+ktmS6jXmE7+hQKPnbE29HTfvZE/nXYqIPM4GcV2QNClbcu7WlaBCWcPdeJTRCvvUsAZ5Z@lists.postgresql.org X-Gm-Message-State: AOJu0YwgQL+paguNfhvTzdB5D6KGa2UTS/0q8rjEZ/1KkGPNWYh87HsT bqdPly/zANRoFZWxtFChVMQKsAoiak7nwVRj3UZdyBEbhzG1i5DhPzwZF3Y6WPR5b8wotZFrXWN OKqc9SDI6TMpeq313fa7ir84APZw5Y4qoIng4 X-Gm-Gg: Acq92OGUg5doDEknYio/5cLaCzSdvgVALh3DpCLkpt7o8tCHTLRfLxHWx6iM25QNSWR 00jifq/llj16XkSHJqHMkvTe/Eh0B/T2RlcADN8/EEdpvXvh/3vf/r6tBTAeaenCs3qBt+4undD DapVly9I6uMe5JJ6acWs7JuDuShEXp9gKlN0A2/t870a7hkXxC1W3Mevp8R+xw7oSUgH5IpI4Ta kZUCE82OsB8SnWXIR6Sg5eHXo/stwStXEnZfEmysITHb+D93dUwc8BGQF2+xB3DE9Q6OUmC/VoF JMv+0ax5TmV+vvyr1GoZrWxbj3SPMKDV3wniFSopfAzS3LYNfV/xd5US9hacu8IlaJ7scRww3Pp jMzOof26fvLm9qgYcPJsmgoWec18rQqTODkI8 X-Received: by 2002:a05:6102:3e09:b0:632:3bb5:95f1 with SMTP id ada2fe7eead31-6ff01bc5a91mr771480137.27.1780639754539; Thu, 04 Jun 2026 23:09:14 -0700 (PDT) MIME-Version: 1.0 References: <33766.1780471821@localhost> In-Reply-To: From: Srinath Reddy Sadipiralla Date: Fri, 5 Jun 2026 11:39:03 +0530 X-Gm-Features: AVVi8Ccsyx1R_tDZOdEAe136O3EOelEnLDXrpu0o26zd98sQ0F7-8u9veiXKWzE Message-ID: Subject: Re: BUG #19500: pgrepack logical decoding plugin can crash assert builds via SQL decoding API To: Alvaro Herrera Cc: Antonin Houska , n.kalinin@postgrespro.ru, pgsql-bugs@lists.postgresql.org Content-Type: multipart/alternative; boundary="0000000000000ad62806537b80f2" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000000ad62806537b80f2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Jun 4, 2026 at 2:50=E2=80=AFAM Alvaro Herrera wrote: > On 2026-Jun-03, Antonin Houska wrote: > > > Srinath Reddy Sadipiralla wrote: > > > > > Could we reject the pgrepack plugin at slot creation instead, in > > > pg_create_logical_replication_slot() and the CREATE_REPLICATION_SLOT > > > command, so misuse gets a clear "reserved for REPACK (CONCURRENTLY)" > > > error up front, before any decoding? REPACK creates its slot directly > via > > > ReplicationSlotCreate(), so it's unaffected, and the begin-callback > check > > > with magic guard can stay as the internal safety net. > > > Happy to be told this isn't worth special-casing :) > > > > Another possible approach: restrict the use of the plugin to the REPACK > > decoding worker. > > I don't like either of these approaches, because they are forcing the > generic facility (either slot creation or logical decoding setup) to > know something about one specific user of the facility. That is to say, > the restriction is being added on the wrong side of the abstraction. > I know my implementation the drawback you (Srinath) mentioned, because > the abstraction doesn't provide us with a great way to inject an error > report at the exact spot we need it; but I think it's at the correct > side of the abstraction. > (I'm not really sure that there _is_ a great way to throw an error > report at the right time. That would require every single output plugin > author to add a function we can call; and every single one of them, > except REPACK, would do nothing. This seems quite pointless.) > > I frankly don't have a problem with letting a transaction spill a few > GBs to disk only to then report an error that pgrepack is being misused. > It's just not something that anyone would do for fun. > makes sense, we can go with your approach, thanks for the clarification. --=20 Thanks :) Srinath Reddy Sadipiralla EDB: https://www.enterprisedb.com/ --0000000000000ad62806537b80f2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Thu, Jun 4, = 2026 at 2:50=E2=80=AFAM Alvaro Herrera <alvherre@kurilemu.de> wrote:
On 2026-Jun-03, Antonin Houska wrote:

> Srinath Reddy Sadipiralla <srinath2133@gmail.com> wrote:
>
> > Could we reject the pgrepack plugin at slot creation instead, in<= br> > > pg_create_logical_replication_slot() and the CREATE_REPLICATION_S= LOT
> > command, so misuse gets a clear "reserved for REPACK (CONCUR= RENTLY)"
> > error up front, before any decoding? REPACK creates its slot dire= ctly via
> > ReplicationSlotCreate(), so it's unaffected, and the begin-ca= llback check
> > with magic guard can stay as the internal safety net.
> > Happy to be told this isn't worth special-casing :)
>
> Another possible approach: restrict the use of the plugin to the REPAC= K
> decoding worker.

I don't like either of these approaches, because they are forcing the generic facility (either slot creation or logical decoding setup) to
know something about one specific user of the facility.=C2=A0 That is to sa= y,
the restriction is being added on the wrong side of the abstraction.
I know my implementation the drawback you (Srinath) mentioned, because
the abstraction doesn't provide us with a great way to inject an error<= br> report at the exact spot we need it; but I think it's at the correct side of the abstraction.

(I'm not really sure that there _is_ a great way to throw an error
report at the right time.=C2=A0 That would require every single output plug= in
author to add a function we can call; and every single one of them,
except REPACK, would do nothing.=C2=A0 This seems quite pointless.)

I frankly don't have a problem with letting a transaction spill a few GBs to disk only to then report an error that pgrepack is being misused. It's just not something that anyone would do for fun.
<= div>
makes sense, we can go with your approach, thanks for
the clarif= ication.


--
Thanks :)
S= rinath Reddy Sadipiralla
EDB:=C2=A0https://www.ente= rprisedb.com/
--0000000000000ad62806537b80f2--