| From: | Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Avoid overflow with simplehash |
| Date: | 2023-07-06 14:42:17 |
| Message-ID: | CAEudQAp27pPfDkbwM5A1btAqtR6yZWbiN4h1206edV-ZvyTURw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Em qui., 6 de jul. de 2023 às 11:37, Daniel Gustafsson <daniel(at)yesql(dot)se>
escreveu:
> > On 6 Jul 2023, at 16:28, Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> wrote:
>
> > The function SH_START_ITERATE can trigger some overflow.
> >
> > See:
> > typedef struct SH_ITERATOR
> > {
> > uint32 cur; /* current element */
> > uint32 end;
> > bool done; /* iterator exhausted? */
> > } SH_ITERATOR;
> >
> > The cur field is uint32 size and currently can be stored a uint64,
> > which obviously does not fit.
>
> - Assert(startelem < SH_MAX_SIZE);
> + Assert(startelem < PG_UINT32_MAX);
>
> I mighe be missing something, but from skimming the current code,
> SH_MAX_SIZE
> is currently defined as:
>
> #define SH_MAX_SIZE (((uint64) PG_UINT32_MAX) + 1)
>
This is Assert, that is, in production this test is not done.
See the comments:
"Search for the first empty element."
If the empty element is not found, startelem has PG_UINT64_MAX value,
which do not fit in uint32.
Can you see this?
regards,
Ranier Vilela
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hannu Krosing | 2023-07-06 14:54:12 | Re: Example Table AM implementation |
| Previous Message | Daniel Gustafsson | 2023-07-06 14:37:17 | Re: Avoid overflow with simplehash |