1
0
mirror of https://github.com/postgres/postgres.git synced 2025-10-25 13:17:41 +03:00

Check for relation length overrun soon enough.

We don't allow relations to exceed 2^32-1 blocks, because block
numbers are 32 bits and the last possible block number is reserved
to mean InvalidBlockNumber.  There is a check for this in mdextend,
but that's really way too late, because the smgr API requires us to
create a buffer for the block-to-be-added, and we do not want to
have any buffer with blocknum InvalidBlockNumber.  (Such a case
can trigger assertions in bufmgr.c, plus I think it might confuse
ReadBuffer's logic for data-past-EOF later on.)  So put the check
into ReadBuffer.

Per report from Christoph Berg.  It's been like this forever,
so back-patch to all supported branches.

Discussion: https://postgr.es/m/YTn1iTkUYBZfcODk@msg.credativ.de
This commit is contained in:
Tom Lane
2021-09-09 11:45:48 -04:00
parent dd9b3fced8
commit 04118de78f
2 changed files with 11 additions and 1 deletions

View File

@@ -739,7 +739,16 @@ ReadBuffer_common(SMgrRelation smgr, char relpersistence, ForkNumber forkNum,
/* Substitute proper block number if caller asked for P_NEW */ /* Substitute proper block number if caller asked for P_NEW */
if (isExtend) if (isExtend)
{
blockNum = smgrnblocks(smgr, forkNum); blockNum = smgrnblocks(smgr, forkNum);
/* Fail if relation is already at maximum possible length */
if (blockNum == P_NEW)
ereport(ERROR,
(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
errmsg("cannot extend relation %s beyond %u blocks",
relpath(smgr->smgr_rnode, forkNum),
P_NEW)));
}
if (isLocalBuf) if (isLocalBuf)
{ {

View File

@@ -437,7 +437,8 @@ mdextend(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
/* /*
* If a relation manages to grow to 2^32-1 blocks, refuse to extend it any * If a relation manages to grow to 2^32-1 blocks, refuse to extend it any
* more --- we mustn't create a block whose number actually is * more --- we mustn't create a block whose number actually is
* InvalidBlockNumber. * InvalidBlockNumber. (Note that this failure should be unreachable
* because of upstream checks in bufmgr.c.)
*/ */
if (blocknum == InvalidBlockNumber) if (blocknum == InvalidBlockNumber)
ereport(ERROR, ereport(ERROR,