Fix overflow danger in SampleHeapTupleVisible(), take 2 · postgrespro/postgres@94bb6c4 · GitHub
  • Commit 94bb6c4

    Fix overflow danger in SampleHeapTupleVisible(), take 2
    28328ec addressed one overflow danger in SampleHeapTupleVisible() but introduced another, albeit a less likely one. Modify the binary search code to remove this danger. Reported-by: Richard Guo Reviewed-by: Richard Guo, Ranier Vilela Discussion: https://postgr.es/m/CAMbWs4_bE%2BNscChbKWzw6HZOipCUyXfA5133qvoXQ654D3B2gQ%40mail.gmail.com
    1 parent 38c579b commit 94bb6c4


    1 file changed

    +5
    -11
    lines changed

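--- a/src/backend/access/heap/heapam_handler.c
+++ b/src/backend/access/heap/heapam_handler.c
@@ -2574,11 +2574,8 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
 
 if (scan->rs_flags & SO_ALLOW_PAGEMODE)
 {
-uint32 start,
-end;
-
-if (hscan->rs_ntuples == 0)
-return false;
+uint32 start = 0,
+end = hscan->rs_ntuples;
 
 /*
 * In pageatatime mode, heap_prepare_pagescan() already did visibility
@@ -2589,18 +2586,15 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
 * in increasing order, but it's not clear that there would be enough
 * gain to justify the restriction.
 */
-start = 0;
-end = hscan->rs_ntuples - 1;
-
-while (start <= end)
+while (start < end)
 {
-uint32 mid = (start + end) / 2;
+uint32 mid = start + (end - start) / 2;
 OffsetNumber curoffset = hscan->rs_vistuples[mid];
 
 if (tupoffset == curoffset)
 return true;
 else if (tupoffset < curoffset)
-end = mid - 1;
+end = mid;
 else
 start = mid + 1;
 }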
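Review bot: The empty-page case that the removed `if (hscan->rs_ntuples == 0) return false;` handled is now covered only implicitly by `while (start < end)`, and nothing at the loop says that the search range is half-open. A one-line comment above the loop, for example `/* binary search over the half-open range [start, end); an empty page never enters the loop */`, would guard against someone reintroducing `end = mid - 1`, which wraps around on the unsigned `uint32` when `mid` is 0. The read of `hscan->rs_vistuples[mid]` stays in bounds only while `rs_ntuples` does not exceed the size of that array, which this hunk does not show. If that bound is not asserted elsewhere, `Assert(hscan->rs_ntuples <= MaxHeapTuplesPerPage);` before the loop would document it. The body of SampleHeapTupleVisible() starts and ends outside the hunk.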
