mirror of https://github.com/postgres/postgres.git synced 2025-06-05 23:56:58 +03:00

Fix overflow danger in SampleHeapTupleVisible(), take 2

28328ec87b45725 addressed one overflow danger in
SampleHeapTupleVisible() but introduced another, albeit a less likely
one. Modify the binary search code to remove this danger.

Reported-by: Richard Guo
Reviewed-by: Richard Guo, Ranier Vilela
Discussion: https://postgr.es/m/CAMbWs4_bE%2BNscChbKWzw6HZOipCUyXfA5133qvoXQ654D3B2gQ%40mail.gmail.com
Melanie Plageman 2024-12-20 09:41:41 -05:00
parent 38c579b089
commit 94bb6c4410


@ -2574,11 +2574,8 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
if (scan->rs_flags & SO_ALLOW_PAGEMODE) if (scan->rs_flags & SO_ALLOW_PAGEMODE)
{ {
uint32 start, uint32 start = 0,
end; end = hscan->rs_ntuples;
if (hscan->rs_ntuples == 0)
return false;
/* /*
* In pageatatime mode, heap_prepare_pagescan() already did visibility * In pageatatime mode, heap_prepare_pagescan() already did visibility
@ -2589,18 +2586,15 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
* in increasing order, but it's not clear that there would be enough * in increasing order, but it's not clear that there would be enough
* gain to justify the restriction. * gain to justify the restriction.
*/ */
start = 0; while (start < end)
end = hscan->rs_ntuples - 1;
while (start <= end)
{ {
uint32 mid = (start + end) / 2; uint32 mid = start + (end - start) / 2;
OffsetNumber curoffset = hscan->rs_vistuples[mid]; OffsetNumber curoffset = hscan->rs_vistuples[mid];
if (tupoffset == curoffset) if (tupoffset == curoffset)
return true; return true;
else if (tupoffset < curoffset) else if (tupoffset < curoffset)
end = mid - 1; end = mid;
else else
start = mid + 1; start = mid + 1;
} }
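Review bot: The rewritten loop depends on `end` being exclusive (`end = hscan->rs_ntuples`, `while (start < end)`, `end = mid`), but nothing in the new code states that invariant. It is the reason the `rs_ntuples == 0` early return could be dropped, and the reason the unsigned `end` can no longer wrap through `mid - 1` when `mid` is 0. A short comment above the loop would keep a later edit from restoring the inclusive form, for example `/* Search the half-open range [start, end): end is exclusive, so an empty page skips the loop and mid - 1 is never computed. */`. Separately, `mid` indexes `hscan->rs_vistuples` and is bounded only by `rs_ntuples`; assuming the array is sized by `MaxHeapTuplesPerPage` (its declaration is not visible on this page), an `Assert(hscan->rs_ntuples <= MaxHeapTuplesPerPage);` before the loop would catch a bad count before it becomes an out-of-bounds read. SampleHeapTupleVisible() starts and ends outside the hunks shown.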