Fix possible logical replication crash.
author Robert Haas <rhaas@postgresql.org>
Mon, 3 Apr 2023 17:11:00 +0000 (13:11 -0400)
committer Robert Haas <rhaas@postgresql.org>
Mon, 3 Apr 2023 17:54:21 +0000 (13:54 -0400)
Commit c3afe8cf5a1e465bd71e48e4bc717f5bfdc7a7d6 added a new
password_required option but forgot that you need database access
to check whether an arbitrary role ID is a superuser.

Report and patch by Hou Zhijie. I added a comment. Thanks to
Alexander Lakhin for devising a way to reproduce the crash.

Discussion: http://postgr.es/m/OS0PR01MB5716BFD7EC44284C89F40808948F9@OS0PR01MB5716.jpnprd01.prod.outlook.com

src/backend/replication/logical/worker.c

index 6fd674b5d60a8d8f1956be6a53e8c43c5b9aa332..ef2a6beb361dcb4652fcacba85124021378ab171 100644 (file)
@@ -4545,12 +4545,14 @@ ApplyWorkerMain(Datum main_arg)
        replorigin_session_setup(originid, 0);
        replorigin_session_origin = originid;
        origin_startpos = replorigin_session_get_progress(false);
-       CommitTransactionCommand();
 
        /* Is the use of a password mandatory? */
        must_use_password = MySubscription->passwordrequired &&
            !superuser_arg(MySubscription->owner);
 
+       /* Note that the superuser_arg call can access the DB */
+       CommitTransactionCommand();
+
        LogRepWorkerWalRcvConn = walrcv_connect(MySubscription->conninfo, true,
                                                must_use_password,
                                                MySubscription->name, &err);
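
Review bot: The new comment "Note that the superuser_arg call can access the DB" sits directly above the moved CommitTransactionCommand(), after the call it describes, and it does not state the ordering constraint it is meant to protect. A later cleanup could move the commit back above the must_use_password assignment without noticing why it was placed here. Consider putting the comment above the "Is the use of a password mandatory?" block and wording it as a requirement, for example that superuser_arg() may need database access and so must run before the transaction is committed. The commit message mentions a way to reproduce the crash, but this hunk adds no regression test for it; a test covering a subscription with password_required set and a non-superuser owner would keep the ordering from regressing.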