database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-29 16:21:20 +03:00
Code

Fix overflow danger in SampleHeapTupleVisible()

Browse Source 
68d9662be1c4b70 made HeapScanDesc->rs_ntuples unsigned but neglected to
change how it was being used in SampleHeapTupleVisible().

Return early if rs_ntuples is 0 to avoid overflowing and incorrectly
executing the loop code in SampleHeapTupleVisible().

Reported-by: Ranier Vilela
Discussion: https://postgr.es/m/CAEudQAot_xQoZyPZjpj1aBUPrPykY5mOPHGyvfe%3Djz%2BWowdA3A%40mail.gmail.com
This commit is contained in:
Melanie Plageman 2024-12-18 18:16:43 -05:00
parent 68d9662be1
commit 28328ec87b
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/backend/access/heap/heapam_handler.c
View File

@ -2577,6 +2577,12 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
if (scan->rs_flags & SO_ALLOW_PAGEMODE) if (scan->rs_flags & SO_ALLOW_PAGEMODE)
{ {
uint32 start,
end;
if (hscan->rs_ntuples == 0)
return false;
/* /*
* In pageatatime mode, heap_prepare_pagescan() already did visibility * In pageatatime mode, heap_prepare_pagescan() already did visibility
* checks, so just look at the info it left in rs_vistuples[]. * checks, so just look at the info it left in rs_vistuples[].
@ -2586,12 +2592,12 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
* in increasing order, but it's not clear that there would be enough * in increasing order, but it's not clear that there would be enough
* gain to justify the restriction. * gain to justify the restriction.
*/ */
int start = 0, start = 0;
end = hscan->rs_ntuples - 1; end = hscan->rs_ntuples - 1;
while (start <= end) while (start <= end)
{ {
int mid = (start + end) / 2; uint32 mid = (start + end) / 2;
OffsetNumber curoffset = hscan->rs_vistuples[mid]; OffsetNumber curoffset = hscan->rs_vistuples[mid];
if (tupoffset == curoffset) if (tupoffset == curoffset)