| From: | Peter Geoghegan <pg(at)bowt(dot)ie> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Sergey Koposov <skoposov(at)cmu(dot)edu>, "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #14722: Segfault in tuplesort_heap_siftup, 32 bit overflow |
| Date: | 2017-07-12 17:16:02 |
| Message-ID: | CAH2-WzkqvpkJ6LYHaaZVUS_MwXsHBTOOEHdBE_hwQxzUqvoGbQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Wed, Jul 12, 2017 at 6:15 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> Another option to use "unsigned int", on the assumption that UINT_MAX >=
> INT_MAX * 2 + 1. And to eliminate that assumption, we can use (UINT_MAX - 1)
> / 2 as the maximum size of the memtuples array, rather than INT_MAX.
FWIW, memtupcount is allowed to go negative. It just won't in this
function, per the assertion. So the fix should be specifically scoped
to only the one function that is affected. That's a good idea anyway,
of course.
--
Peter Geoghegan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2017-07-12 17:42:55 | Re: BUG #14722: Segfault in tuplesort_heap_siftup, 32 bit overflow |
| Previous Message | Tom Lane | 2017-07-12 16:53:08 | Re: BUG #14722: Segfault in tuplesort_heap_siftup, 32 bit overflow |