From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Geoghegan <pg(at)bowt(dot)ie> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Sergey Koposov <skoposov(at)cmu(dot)edu>, "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #14722: Segfault in tuplesort_heap_siftup, 32 bit overflow |
Date: | 2017-07-12 16:20:53 |
Message-ID: | 007e3020-3d27-8ac8-7269-9db7ebe9a8bf@iki.fi |
Lists: | pgsql-bugs |
On 07/12/2017 07:14 PM, Tom Lane wrote:
> Peter Geoghegan <pg(at)bowt(dot)ie> writes:
>> On Wed, Jul 12, 2017 at 8:42 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>>> Another option to use "unsigned int", on the assumption that UINT_MAX >=
>>>> INT_MAX * 2 + 1.
>
>>> Ah, that seems like a fine idea.
>
>> Works for me.
>
> I'll go make it so, unless Heikki's already on it?

I'm not. Thanks!
>> And to eliminate that assumption, we can use (UINT_MAX
>> - 1) / 2 as the maximum size of the memtuples array, rather than INT_MAX.
>
> Uh ... what assumption? That's certainly true on any twos-complement
> machine. Besides, if you're worried about hypothetical portability
> issues, ...

Right, it's a hypothetical portability issue. The assumption we're
making is that UINT_MAX >= INT_MAX * 2 + 1. I'm not aware of any system
where it's not true, but I don't know what the C standards say about that.
> ... I'm not sure it's any better to assume that (UINT_MAX - 1) / 2
> fits in a signed int.

Well, you could do Min(INT_MAX, (UINT_MAX - 1 / 2). Or just add a
StaticAssertion for it. Or just note in a comment that we're making that
assumption.
- Heikki
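As an added illustration of the approach discussed in this thread (example code written for this page, not the PostgreSQL patch itself): a heap sift-down whose child-index arithmetic is done in unsigned int, a compile-time check of the UINT_MAX >= INT_MAX * 2 + 1 assumption, and the Min(INT_MAX, (UINT_MAX - 1) / 2) cap on the array size. The heap is a plain int array standing in for memtuples, and the function names and the sample array are my own.

```c
#include <limits.h>
#include <stdbool.h>

/* The assumption under discussion: unsigned int can hold 2*INT_MAX + 1, so
 * 2*i + 1 computed in unsigned arithmetic never wraps for any int i >= 0.
 * Written as (UINT_MAX - 1) / 2 >= INT_MAX to avoid wrapping inside the
 * check itself.  This is the StaticAssert variant Heikki mentions. */
_Static_assert((UINT_MAX - 1u) / 2u >= (unsigned int) INT_MAX,
               "unsigned int must be able to hold 2*INT_MAX + 1");

/* Cap on the number of heap slots: Min(INT_MAX, (UINT_MAX - 1) / 2), so every
 * child index of a valid slot is representable and the count fits an int. */
#define MAX_HEAP_SLOTS ((UINT_MAX - 1u) / 2u < (unsigned int) INT_MAX \
                        ? (UINT_MAX - 1u) / 2u : (unsigned int) INT_MAX)

/* Would 2*i + 1 overflow if computed in signed int?  Decided without
 * performing the overflow, which would be undefined behaviour. */
bool signed_child_would_overflow(int i)
{
    return i > (INT_MAX - 1) / 2;
}

/* Left child of slot i, computed in unsigned int so it cannot wrap. */
unsigned int heap_left_child(int i)
{
    return 2u * (unsigned int) i + 1u;
}

/* Min-heap sift-down over the first count slots, indices in unsigned int.
 * Returns the slot where the moved element ended up. */
unsigned int sift_down(int *heap, int count, int start)
{
    unsigned int n = (unsigned int) count;   /* count <= INT_MAX */
    unsigned int i = (unsigned int) start;
    int tuple = heap[i];
    for (;;)
    {
        unsigned int j = 2u * i + 1u;        /* cannot wrap: i < n <= INT_MAX */
        if (j >= n)
            break;                           /* no children left */
        if (j + 1u < n && heap[j + 1u] < heap[j])
            j++;                             /* pick the smaller child */
        if (tuple <= heap[j])
            break;
        heap[i] = heap[j];
        i = j;
    }
    heap[i] = tuple;
    return i;
}

/* Constructed sample: sift the root of {9, 1, 3, 4, 5} down; returns its
 * final slot (3), leaving {1, 4, 3, 9, 5}. */
unsigned int demo_sift_down(void)
{
    int heap[] = {9, 1, 3, 4, 5};
    return sift_down(heap, 5, 0);
}
```

For the largest valid slot when the array holds INT_MAX entries, heap_left_child(INT_MAX - 1) evaluates to UINT_MAX - 2, which is >= the count, so the loop terminates instead of indexing a wrapped-around position.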