Fix overflow danger in SampleHeapTupleVisible(), take 2
authorMelanie Plageman <[email protected]>
Fri, 20 Dec 2024 14:41:41 +0000 (09:41 -0500)
committerMelanie Plageman <[email protected]>
Fri, 20 Dec 2024 14:43:44 +0000 (09:43 -0500)
28328ec87b45725 addressed one overflow danger in
SampleHeapTupleVisible() but introduced another, albeit a less likely
one. Modify the binary search code to remove this danger.

Reported-by: Richard Guo
Reviewed-by: Richard Guo, Ranier Vilela
Discussion: https://postgr.es/m/CAMbWs4_bE%2BNscChbKWzw6HZOipCUyXfA5133qvoXQ654D3B2gQ%40mail.gmail.com

src/backend/access/heap/heapam_handler.c

index 9f17baea5d6ecec7f84b699c597d8065aca75d1c..53f572f384b70a2e99b1d18c0007ab3c1385773a 100644 (file)
@@ -2574,11 +2574,8 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
 
    if (scan->rs_flags & SO_ALLOW_PAGEMODE)
    {
-       uint32      start,
-                   end;
-
-       if (hscan->rs_ntuples == 0)
-           return false;
+       uint32      start = 0,
+                   end = hscan->rs_ntuples;
 
        /*
         * In pageatatime mode, heap_prepare_pagescan() already did visibility
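Review bot: The half-open invariant that makes this rewrite safe is never stated in the code: `end = hscan->rs_ntuples` here is one past the last candidate, which is why the loop in the second hunk can use `start < end`, `end = mid` and `mid = start + (end - start) / 2` without the unsigned wrap the removed `end = mid - 1` risked when `mid` was 0, and why the removed `rs_ntuples == 0` early return is no longer needed. A later maintainer who "corrects" `end` back to `rs_ntuples - 1` without also restoring the closed-range loop would reintroduce exactly that hazard, so it is worth a comment. I would add above the declaration `/* Binary search over the half-open range [start, end); an empty page gives start == end and the loop below is skipped, so no separate rs_ntuples == 0 check is needed. */`. SampleHeapTupleVisible() starts before the first hunk and its tail after the loop, including the not-found return, lies outside both hunks.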
@@ -2589,18 +2586,15 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
         * in increasing order, but it's not clear that there would be enough
         * gain to justify the restriction.
         */
-       start = 0;
-       end = hscan->rs_ntuples - 1;
-
-       while (start <= end)
+       while (start < end)
        {
-           uint32      mid = (start + end) / 2;
+           uint32      mid = start + (end - start) / 2;
            OffsetNumber curoffset = hscan->rs_vistuples[mid];
 
            if (tupoffset == curoffset)
                return true;
            else if (tupoffset < curoffset)
-               end = mid - 1;
+               end = mid;
            else
                start = mid + 1;
        }