From: Melanie Plageman Date: Fri, 20 Dec 2024 14:41:41 +0000 (-0500) Subject: Fix overflow danger in SampleHeapTupleVisible(), take 2 X-Git-Tag: REL_18_BETA1~1227 X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=94bb6c4410d81ccc019bb60d8aedb73dbc85df76;p=postgresql.git Fix overflow danger in SampleHeapTupleVisible(), take 2 28328ec87b45725 addressed one overflow danger in SampleHeapTupleVisible() but introduced another, albeit a less likely one. Modify the binary search code to remove this danger. Reported-by: Richard Guo Reviewed-by: Richard Guo, Ranier Vilela Discussion: https://postgr.es/m/CAMbWs4_bE%2BNscChbKWzw6HZOipCUyXfA5133qvoXQ654D3B2gQ%40mail.gmail.com
---
diff --git a/src/backend/access/heap/heapam_handler.c b/src/backend/access/heap/heapam_handler.c
index 9f17baea5d6..53f572f384b 100644
--- a/src/backend/access/heap/heapam_handler.c
+++ b/src/backend/access/heap/heapam_handler.c
@@ -2574,11 +2574,8 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
 
 if (scan->rs_flags & SO_ALLOW_PAGEMODE)
 {
- uint32 start,
- end;
-
- if (hscan->rs_ntuples == 0)
- return false;
+ uint32 start = 0,
+ end = hscan->rs_ntuples;
 
 /*
 * In pageatatime mode, heap_prepare_pagescan() already did visibility
@@ -2589,18 +2586,15 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
 * in increasing order, but it's not clear that there would be enough
 * gain to justify the restriction.
 */
- start = 0;
- end = hscan->rs_ntuples - 1;
-
- while (start <= end)
+ while (start < end)
 {
- uint32 mid = (start + end) / 2;
+ uint32 mid = start + (end - start) / 2;
 OffsetNumber curoffset = hscan->rs_vistuples[mid];
 
 if (tupoffset == curoffset)
 return true;
 else if (tupoffset < curoffset)
- end = mid - 1;
+ end = mid;
 else
 start = mid + 1;
 }
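Review bot: The new initializer `end = hscan->rs_ntuples` makes rs_ntuples the only bound on every later `rs_vistuples[mid]` read, and nothing in this hunk checks that count against the array's capacity. The declarations of rs_ntuples and rs_vistuples[] are not visible here, so this is a hardening suggestion rather than a confirmed defect. If rs_vistuples is a fixed-size array member, an assertion right after the declarations, `Assert(end <= lengthof(hscan->rs_vistuples));`, would catch an oversized count in assert-enabled builds, and also a negative count converted to uint32 should the field be signed. SampleHeapTupleVisible() begins and ends outside this hunk.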
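Review bot: The visible tail of the comment above `while (start < end)` does not record that `end` is now an exclusive bound, which is what makes `end = mid` correct and lets an empty array skip the loop (the comment's opening lines are elided, so they may say more). A later edit that restores `end = mid - 1` would bring back the unsigned wrap at `mid == 0`, so the invariant is worth stating next to the loop. I would append to that comment: `* The search range is the half-open interval [start, end); end is only ever set to mid, so it cannot wrap below zero.` The function's final return sits outside this hunk.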