| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Daniel Verite <daniel(at)manitou-mail(dot)org> |
| Cc: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com>, Ronan Dunklau <ronan(dot)dunklau(at)dalibo(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_dump / copy bugs with "big lines" ? |
| Date: | 2016-12-09 16:26:17 |
| Message-ID: | 20161209162617.nut4aurtvwmo5bex@alvherre.pgsql |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Daniel Verite wrote:
> My tests are OK too but I see an issue with the code in
> enlargeStringInfo(), regarding integer overflow.
> The bit of comment that says:
>
> Note we are assuming here that limit <= INT_MAX/2, else the above
> loop could overflow.
>
> is obsolete, it's now INT_MAX instead of INT_MAX/2.
Hmm, I think what it really needs to say there is UINT_MAX/2, which is
what we really care about. I may be all wet, but what I see is that the
expression
(((Size) 1) << (sizeof(int32) * 8 - 1)) - 1
which is what we use as limit is exactly half the unsigned 32-bit
integer range. So I would just update the constant in that comment
instead of removing it completely. (We're still relying on the loop not
to overflow in 32-bit machines, surely).
> There's a related problem here:
> newlen = 2 * str->maxlen;
> while (needed > newlen)
> newlen = 2 * newlen;
> str->maxlen is an int going up to INT_MAX so [2 * str->maxlen] now
> *will* overflow when [str->maxlen > INT_MAX/2].
> Eventually it somehow works because of this:
> if (newlen > limit)
> newlen = limit;
> but newlen is wonky (when resulting from int overflow)
> before being brought back to limit.
Yeah, this is bogus and your patch looks correct to me.
I propose this:
diff --git a/src/backend/lib/stringinfo.c b/src/backend/lib/stringinfo.c
index b618b37..a1d786d 100644
--- a/src/backend/lib/stringinfo.c
+++ b/src/backend/lib/stringinfo.c
@@ -313,13 +313,13 @@ enlargeStringInfo(StringInfo str, int needed)
* for efficiency, double the buffer size each time it overflows.
* Actually, we might need to more than double it if 'needed' is big...
*/
- newlen = 2 * str->maxlen;
+ newlen = 2 * (Size) str->maxlen;
while (needed > newlen)
newlen = 2 * newlen;
/*
* Clamp to the limit in case we went past it. Note we are assuming here
- * that limit <= INT_MAX/2, else the above loop could overflow. We will
+ * that limit <= UINT_MAX/2, else the above loop could overflow. We will
* still have newlen >= needed.
*/
if (newlen > limit)
--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2016-12-09 17:17:32 | Re: jsonb problematic operators |
| Previous Message | Peter Eisentraut | 2016-12-09 16:08:23 | Re: Logical Replication WIP |