Fix overflow danger in SampleHeapTupleVisible(), take 2

28328ec87b45725 addressed one overflow danger in SampleHeapTupleVisible() but introduced another, albeit a less likely one. Modify the binary search code to remove this danger. Reported-by: Richard Guo Reviewed-by: Richard Guo, Ranier Vilela Discussion: https://postgr.es/m/CAMbWs4_bE%2BNscChbKWzw6HZOipCUyXfA5133qvoXQ654D3B2gQ%40mail.gmail.com
2025-05-29 16:21:20 +03:00 · 2024-12-20 09:41:41 -05:00 · 2024-12-20 09:41:41 -05:00 · 94bb6c4410
commit 94bb6c4410
parent 38c579b089
1 changed files with 5 additions and 11 deletions
--- a/src/backend/access/heap/heapam_handler.c
+++ b/src/backend/access/heap/heapam_handler.c
@ -2574,11 +2574,8 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,

 	if (scan->rs_flags & SO_ALLOW_PAGEMODE)
 	{
-		uint32		start,
-					end;
-
-		if (hscan->rs_ntuples == 0)
-			return false;
+		uint32		start = 0,
+					end = hscan->rs_ntuples;

 		/*
 		 * In pageatatime mode, heap_prepare_pagescan() already did visibility
@ -2589,18 +2586,15 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
 		 * in increasing order, but it's not clear that there would be enough
 		 * gain to justify the restriction.
 		 */
-		start = 0;
-		end = hscan->rs_ntuples - 1;
-
-		while (start <= end)
+		while (start < end)
 		{
-			uint32		mid = (start + end) / 2;
+			uint32		mid = start + (end - start) / 2;
 			OffsetNumber curoffset = hscan->rs_vistuples[mid];

 			if (tupoffset == curoffset)
 				return true;
 			else if (tupoffset < curoffset)
-				end = mid - 1;
+				end = mid;
 			else
 				start = mid + 1;
 		}