Allow btree comparison functions to return INT_MIN.

Historically we forbade datatype-specific comparison functions from returning INT_MIN, so that it would be safe to invert the sort order just by negating the comparison result. However, this was never really safe for comparison functions that directly return the result of memcmp(), strcmp(), etc, as POSIX doesn't place any such restriction on those library functions. Buildfarm results show that at least on recent Linux on s390x, memcmp() actually does return INT_MIN sometimes, causing sort failures. The agreed-on answer is to remove this restriction and fix relevant call sites to not make such an assumption; code such as "res = -res" should be replaced by "INVERT_COMPARE_RESULT(res)". The same is needed in a few places that just directly negated the result of memcmp or strcmp. To help find places having this problem, I've also added a compile option to nbtcompare.c that causes some of the commonly used comparators to return INT_MIN/INT_MAX instead of their usual -1/+1. It'd likely be a good idea to have at least one buildfarm member running with "-DSTRESS_SORT_INT_MIN". That's far from a complete test of course, but it should help to prevent fresh introductions of such bugs. This is a longstanding portability hazard, so back-patch to all supported branches. Discussion: https://postgr.es/m/20180928185215.ffoq2xrq5d3pafna@alap3.anarazel.de
2025-07-28 23:42:10 +03:00 · 2018-10-05 16:01:29 -04:00
parent 6e526b7870
commit 67e7d4da72
13 changed files with 92 additions and 61 deletions
--- a/src/backend/access/nbtree/nbtcompare.c
+++ b/src/backend/access/nbtree/nbtcompare.c
@ -22,11 +22,10 @@
 *
 *	The result is always an int32 regardless of the input datatype.
 *
- *	Although any negative int32 (except INT_MIN) is acceptable for reporting
- *	"<", and any positive int32 is acceptable for reporting ">", routines
+ *	Although any negative int32 is acceptable for reporting "<",
+ *	and any positive int32 is acceptable for reporting ">", routines
 *	that work on 32-bit or wider datatypes can't just return "a - b".
- *	That could overflow and give the wrong answer.  Also, one must not
- *	return INT_MIN to report "<", since some callers will negate the result.
+ *	That could overflow and give the wrong answer.
 *
 *	NOTE: it is critical that the comparison function impose a total order
 *	on all non-NULL values of the data type, and that the datatype's
@ -44,13 +43,31 @@
 *	during an index access won't be recovered till end of query.  This
 *	primarily affects comparison routines for toastable datatypes;
 *	they have to be careful to free any detoasted copy of an input datum.
+ *
+ *	NOTE: we used to forbid comparison functions from returning INT_MIN,
+ *	but that proves to be too error-prone because some platforms' versions
+ *	of memcmp() etc can return INT_MIN.  As a means of stress-testing
+ *	callers, this file can be compiled with STRESS_SORT_INT_MIN defined
+ *	to cause many of these functions to return INT_MIN or INT_MAX instead of
+ *	their customary -1/+1.  For production, though, that's not a good idea
+ *	since users or third-party code might expect the traditional results.
 *-------------------------------------------------------------------------
 */
 #include "postgres.h"

+#include <limits.h>
+
 #include "utils/builtins.h"
 #include "utils/sortsupport.h"

+#ifdef STRESS_SORT_INT_MIN
+#define A_LESS_THAN_B		INT_MIN
+#define A_GREATER_THAN_B	INT_MAX
+#else
+#define A_LESS_THAN_B		(-1)
+#define A_GREATER_THAN_B	1
+#endif
+

 Datum
 btboolcmp(PG_FUNCTION_ARGS)
@ -95,11 +112,11 @@ btint4cmp(PG_FUNCTION_ARGS)
 	int32		b = PG_GETARG_INT32(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 static int
@ -109,11 +126,11 @@ btint4fastcmp(Datum x, Datum y, SortSupport ssup)
 	int32		b = DatumGetInt32(y);

 	if (a > b)
-		return 1;
+		return A_GREATER_THAN_B;
 	else if (a == b)
 		return 0;
 	else
-		return -1;
+		return A_LESS_THAN_B;
 }

 Datum
@ -132,11 +149,11 @@ btint8cmp(PG_FUNCTION_ARGS)
 	int64		b = PG_GETARG_INT64(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 static int
@ -146,11 +163,11 @@ btint8fastcmp(Datum x, Datum y, SortSupport ssup)
 	int64		b = DatumGetInt64(y);

 	if (a > b)
-		return 1;
+		return A_GREATER_THAN_B;
 	else if (a == b)
 		return 0;
 	else
-		return -1;
+		return A_LESS_THAN_B;
 }

 Datum
@ -169,11 +186,11 @@ btint48cmp(PG_FUNCTION_ARGS)
 	int64		b = PG_GETARG_INT64(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 Datum
@ -183,11 +200,11 @@ btint84cmp(PG_FUNCTION_ARGS)
 	int32		b = PG_GETARG_INT32(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 Datum
@ -197,11 +214,11 @@ btint24cmp(PG_FUNCTION_ARGS)
 	int32		b = PG_GETARG_INT32(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 Datum
@ -211,11 +228,11 @@ btint42cmp(PG_FUNCTION_ARGS)
 	int16		b = PG_GETARG_INT16(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 Datum
@ -225,11 +242,11 @@ btint28cmp(PG_FUNCTION_ARGS)
 	int64		b = PG_GETARG_INT64(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 Datum
@ -239,11 +256,11 @@ btint82cmp(PG_FUNCTION_ARGS)
 	int16		b = PG_GETARG_INT16(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 Datum
@ -253,11 +270,11 @@ btoidcmp(PG_FUNCTION_ARGS)
 	Oid			b = PG_GETARG_OID(1);

 	if (a > b)
-		PG_RETURN_INT32(1);
+		PG_RETURN_INT32(A_GREATER_THAN_B);
 	else if (a == b)
 		PG_RETURN_INT32(0);
 	else
-		PG_RETURN_INT32(-1);
+		PG_RETURN_INT32(A_LESS_THAN_B);
 }

 static int
@ -267,11 +284,11 @@ btoidfastcmp(Datum x, Datum y, SortSupport ssup)
 	Oid			b = DatumGetObjectId(y);

 	if (a > b)
-		return 1;
+		return A_GREATER_THAN_B;
 	else if (a == b)
 		return 0;
 	else
-		return -1;
+		return A_LESS_THAN_B;
 }

 Datum
@ -299,9 +316,9 @@ btoidvectorcmp(PG_FUNCTION_ARGS)
 		if (a->values[i] != b->values[i])
 		{
 			if (a->values[i] > b->values[i])
-				PG_RETURN_INT32(1);
+				PG_RETURN_INT32(A_GREATER_THAN_B);
 			else
-				PG_RETURN_INT32(-1);
+				PG_RETURN_INT32(A_LESS_THAN_B);
 		}
 	}
 	PG_RETURN_INT32(0);
--- a/src/backend/access/nbtree/nbtsearch.c
+++ b/src/backend/access/nbtree/nbtsearch.c
@ -500,7 +500,7 @@ _bt_compare(Relation rel,
 													 scankey->sk_argument));

 			if (!(scankey->sk_flags & SK_BT_DESC))
-				result = -result;
+				INVERT_COMPARE_RESULT(result);
 		}

 		/* if the keys are unequal, return the difference */
--- a/src/backend/access/nbtree/nbtutils.c
+++ b/src/backend/access/nbtree/nbtutils.c
@ -518,7 +518,7 @@ _bt_compare_array_elements(const void *a, const void *b, void *arg)
 											  cxt->collation,
 											  da, db));
 	if (cxt->reverse)
-		compare = -compare;
+		INVERT_COMPARE_RESULT(compare);
 	return compare;
 }

@ -1652,7 +1652,7 @@ _bt_check_rowcompare(ScanKey skey, IndexTuple tuple, TupleDesc tupdesc,
 													subkey->sk_argument));

 		if (subkey->sk_flags & SK_BT_DESC)
-			cmpresult = -cmpresult;
+			INVERT_COMPARE_RESULT(cmpresult);

 		/* Done comparing if unequal, else advance to next column */
 		if (cmpresult != 0)
--- a/src/backend/executor/nodeGatherMerge.c
+++ b/src/backend/executor/nodeGatherMerge.c
@ -756,7 +756,10 @@ heap_compare_slots(Datum a, Datum b, void *arg)
 									  datum2, isNull2,
 									  sortKey);
 		if (compare != 0)
-			return -compare;
+		{
+			INVERT_COMPARE_RESULT(compare);
+			return compare;
+		}
 	}
 	return 0;
 }
--- a/src/backend/executor/nodeIndexscan.c
+++ b/src/backend/executor/nodeIndexscan.c
@ -469,9 +469,10 @@ reorderqueue_cmp(const pairingheap_node *a, const pairingheap_node *b,
 	ReorderTuple *rtb = (ReorderTuple *) b;
 	IndexScanState *node = (IndexScanState *) arg;

-	return -cmp_orderbyvals(rta->orderbyvals, rta->orderbynulls,
-							rtb->orderbyvals, rtb->orderbynulls,
-							node);
+	/* exchange argument order to invert the sort order */
+	return cmp_orderbyvals(rtb->orderbyvals, rtb->orderbynulls,
+						   rta->orderbyvals, rta->orderbynulls,
+						   node);
 }

 /*
--- a/src/backend/executor/nodeMergeAppend.c
+++ b/src/backend/executor/nodeMergeAppend.c
@ -257,7 +257,10 @@ heap_compare_slots(Datum a, Datum b, void *arg)
 									  datum2, isNull2,
 									  sortKey);
 		if (compare != 0)
-			return -compare;
+		{
+			INVERT_COMPARE_RESULT(compare);
+			return compare;
+		}
 	}
 	return 0;
 }