Fix possible logical replication crash.
author Robert Haas <[email protected]>
Mon, 3 Apr 2023 17:11:00 +0000 (13:11 -0400)
committer Robert Haas <[email protected]>
Mon, 3 Apr 2023 17:54:21 +0000 (13:54 -0400)
Commit c3afe8cf5a1e465bd71e48e4bc717f5bfdc7a7d6 added a new
password_required option but forgot that you need database access
to check whether an arbitrary role ID is a superuser.

Report and patch by Hou Zhijie. I added a comment. Thanks to
Alexander Lakhin for devising a way to reproduce the crash.

Discussion: http://postgr.es/m/OS0PR01MB5716BFD7EC44284C89F40808948F9@OS0PR01MB5716.jpnprd01.prod.outlook.com

src/backend/replication/logical/worker.c

index 6fd674b5d60a8d8f1956be6a53e8c43c5b9aa332..ef2a6beb361dcb4652fcacba85124021378ab171 100644 (file)
@@ -4545,12 +4545,14 @@ ApplyWorkerMain(Datum main_arg)
                replorigin_session_setup(originid, 0);
                replorigin_session_origin = originid;
                origin_startpos = replorigin_session_get_progress(false);
-               CommitTransactionCommand();
 
                /* Is the use of a password mandatory? */
                must_use_password = MySubscription->passwordrequired &&
                        !superuser_arg(MySubscription->owner);
 
+               /* Note that the superuser_arg call can access the DB */
+               CommitTransactionCommand();
+
                LogRepWorkerWalRcvConn = walrcv_connect(MySubscription->conninfo, true,
                                                                                                must_use_password,
                                                                                                MySubscription->name, &err);
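
Review bot: the new comment above `CommitTransactionCommand()` says that `superuser_arg` can access the DB but does not state the consequence, which is that the `must_use_password` computation has to stay inside the open transaction. As written, a later cleanup could move the commit back above the check without noticing the dependency. Suggest placing the comment on the `must_use_password` assignment and wording it as an ordering constraint, for example "superuser_arg() may access the database, so this must be computed before the transaction is committed". The commit message also mentions a way to reproduce the crash, yet the diff shown touches only worker.c; a regression test based on that reproducer would keep the ordering from being undone.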