| From: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Bug in numeric multiplication |
| Date: | 2015-11-17 19:42:46 |
| Message-ID: | CAEZATCVwwRN0NiC7h6vJ6Ksf1RYcyhM_qxL-GxJZ9DW6sJwMJQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 17 November 2015 at 14:43, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> writes:
>> I just noticed that div_var_fast() has almost identical code, and so
>> in principle it has the same vulnerability, although it obviously only
>> affects the transcendental functions.
>> I don't actually have a test case that triggers it, but it's basically
>> the same algorithm, so logically it needs the same additional headroom
>> to avoid a possible overflow.
>
> Hm, good point. I don't feel a compulsion to have a test case that
> proves it's broken before we fix it. Do you want to send a patch?
>
OK, here it is. It's slightly different from mul_var, because maxdiv
is tracking absolute values and the carry may be positive or negative,
and it's absolute value may be as high as INT_MAX / NBASE + 1 (when
it's negative), but otherwise the principle is the same.
Regards,
Dean
| Attachment | Content-Type | Size |
|---|---|---|
| div_var_fast.patch | text/x-diff | 1.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-11-17 20:00:29 | Re: proposal: multiple psql option -c |
| Previous Message | Thom Brown | 2015-11-17 19:42:42 | Re: Patch (3): Implement failover on libpq connect level. |