Re: BUG #18247: Integer overflow leads to negative width

From Richard Guo
Subject Re: BUG #18247: Integer overflow leads to negative width
Date
Msg-id CAMbWs4_JdZmiFCQf++kx33Lwb_9GG582Axnj1DNWwvz7FLBcKg@mail.gmail.com
In response to Re: BUG #18247: Integer overflow leads to negative width  (Alexander Lakhin <exclusion@gmail.com>)
Responses Re: BUG #18247: Integer overflow leads to negative width  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs

On Fri, Dec 15, 2023 at 2:00 PM Alexander Lakhin <exclusion@gmail.com> wrote:
> Your patch looks good to me, but maybe you would find it suitable to fix in
> passing one more integer overflow in costsize.c?
>
> Concretely, the query:
> CREATE TABLE t(id int PRIMARY KEY, i int);
> EXPLAIN (VERBOSE)
> UPDATE t SET i = ni FROM (SELECT g id, 1 ni FROM generate_series(1, 2147483648) g) s WHERE t.id = s.id;
>
> when executed with ubsan-enabled build, gives:
> costsize.c:1017:12: runtime error: 2.14748e+09 is outside the range of representable values of type 'int'
>     #0 0x5603325818e0 in cost_bitmap_heap_scan .../src/backend/optimizer/path/costsize.c:1017:12
>     #1 0x5603326cc519 in create_bitmap_heap_path .../src/backend/optimizer/util/pathnode.c:1065:2

Nice catch.  The overflow occurs when cost_bitmap_heap_scan() calls
compute_bitmap_pages(), and the loop_count parameter is converted from
double to int.  I wonder if we can change the loop_count parameter to be
double for compute_bitmap_pages() to avoid such overflow.

Thanks
Richard
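
The double-to-int narrowing discussed in this message, as an added example that is not part of the original e-mail or of the PostgreSQL source: it contrasts a checked conversion at the call site with keeping the parameter as double. The names `double_to_int_checked`, `per_loop_int` and `per_loop_double` are hypothetical, the arithmetic is a stand-in, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: narrow a double estimate to int without undefined
 * behaviour. Returns false when the input was NaN or had to be clamped. */
static bool double_to_int_checked(double v, int *out)
{
    if (isnan(v)) { *out = 0; return false; }
    /* With a 32-bit int, INT_MAX and INT_MIN are exactly representable as double. */
    if (v >= (double) INT_MAX) { *out = INT_MAX; return v == (double) INT_MAX; }
    if (v <= (double) INT_MIN) { *out = INT_MIN; return v == (double) INT_MIN; }
    *out = (int) v;   /* in range, so truncation toward zero is well defined */
    return true;
}

/* Stand-in callee that declares loop_count as int: every caller holding a
 * double has to narrow it first, and an unchecked cast is UB out of range. */
static double per_loop_int(double total, int loop_count)
{
    return loop_count > 1 ? total / loop_count : total;
}

/* Same arithmetic with loop_count kept as double: nothing to narrow. */
static double per_loop_double(double total, double loop_count)
{
    return loop_count > 1 ? total / loop_count : total;
}

int main(void)
{
    double loop_count = 2147483648.0;  /* constructed: upper bound from the report's query */
    double total = 4294967296.0;       /* constructed sample value */
    int narrowed;
    bool exact = double_to_int_checked(loop_count, &narrowed);

    printf("narrowed=%d exact=%d\n", narrowed, exact);
    printf("int parameter:    %.10f\n", per_loop_int(total, narrowed));
    printf("double parameter: %.10f\n", per_loop_double(total, loop_count));
    return 0;
}
```

Clamping removes the undefined behaviour but still changes the value the callee sees; keeping the parameter as double preserves it.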
