On Wed, May 31, 2023 at 09:00:00AM +0300, Alexander Lakhin wrote:
> The NOTICE appeared there in commit 08ee64ebf5 (from year 2005) in an
> attempt to get rid of flags (ISLEAFKEY(in)) [1] and probably expressed
> an intention to play gently (don't break compatibility?).
Good question. This commit or its related thread don't tell much.
FWIW, these are two things that don't make much sense to me:
1) to allow the compression to work with that many elements with its
code unable to handle that, while storing incorrect data.
2) the decompression fails entirely to cope with that.
> The patch proposed at [2] looks correct to me. Thank you, Ankit!
> Though I would add a simple case to the intarray regression test and also
> add errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED) to other two places in
> _int_gist.c for the sake of consistency.
The error is different in ~9.6 and 10~, where we would not get a crash
before that. But We do get a lot of write past chunk end WARNINGs
instead.
Saying that, being able to corrupt the server at will with a gist
operator that can be installed is no good either, so your suggestion
of made of the two patches is OK by me. Based on my read of the code,
this prevents the compression to store data it would not be able to
handle on decompression. Now, I have to admit that I am not the most
verse with this area.
Likely that's something we'd better backpatch, to avoid people playing
with that too much in the back-branches. Thoughts or objections?
--
Michael