Re: Fix a server crash problem from pg_get_database_ddl

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Andrew Dunstan <[email protected]>
To: SATYANARAYANA NARLAPURAM <[email protected]>
To: Tom Lane <[email protected]>
To: Chao Li <[email protected]>
To: PostgreSQL-development <[email protected]>
To: Japin Li <[email protected]>
Subject: Re: Fix a server crash problem from pg_get_database_ddl
Date: Sun, 26 Apr 2026 10:50:10 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAHg+QDcNyJ94cCD+9ZRfz==hDnghjE5BaR4+BiSWXt82hpgDtA@mail.gmail.com>
References: <[email protected]>
	<[email protected]>
	<SY7PR01MB109214566B069E9C9084590FEB6232@SY7PR01MB10921.ausprd01.prod.outlook.com>
	<[email protected]>
	<CAHg+QDcNyJ94cCD+9ZRfz==hDnghjE5BaR4+BiSWXt82hpgDtA@mail.gmail.com>


On 2026-04-23 Th 2:47 AM, SATYANARAYANA NARLAPURAM wrote:
>
>
>
>     Thanks for printing out that. Yes, they are similar.
>
>     I agree with what Tom said in [2]:
>     ```
>     This is not a bug. This is a superuser intentionally breaking
>     the system by corrupting the catalogs. There are any number
>     of ways to cause trouble with ill-advised manual updates to a
>     catalog table. Try, eg, "DELETE FROM pg_proc" (... but not in
>     a database you care about).
>     ```
>
>     So, let me take back this patch.
>
>     [2]
>     https://www.postgresql.org/message-id/[email protected]
>
>
> In this case, it is a very corner case but not something superuser 
> intentionally breaks.
> For example, a concurrent tablespace drop + database ddl to assign a 
> different tablespace or default.
> We aren't acquiring Access Share lock on the DB in this function 
> (intentional) so it is a good practice
> to do the null checks. Of course, it makes more sense to add this 
> comment while doing a code review.
> I will let Tom and others chime in with their thoughts on fixing this.
>
> Attached an injection point test to show the race. Not intended to commit.
>
>

I agree if there's a race condition we should protect against it. I 
don't much like the idea of silently ignoring it, though. Raising an 
error seems more like the right thing to do.


cheers


andrew

--
Andrew Dunstan
EDB:https://www.enterprisedb.com

view thread (10+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Fix a server crash problem from pg_get_database_ddl
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox