From 94bb6c4410d81ccc019bb60d8aedb73dbc85df76 Mon Sep 17 00:00:00 2001
From: Melanie Plageman
Date: Fri, 20 Dec 2024 09:41:41 -0500
Subject: [PATCH] Fix overflow danger in SampleHeapTupleVisible(), take 2

28328ec87b45725 addressed one overflow danger in SampleHeapTupleVisible() but introduced another, albeit a less likely one. Modify the binary search code to remove this danger.

Reported-by: Richard Guo
Reviewed-by: Richard Guo, Ranier Vilela
Discussion: https://postgr.es/m/CAMbWs4_bE%2BNscChbKWzw6HZOipCUyXfA5133qvoXQ654D3B2gQ%40mail.gmail.com
---
 src/backend/access/heap/heapam_handler.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/src/backend/access/heap/heapam_handler.c b/src/backend/access/heap/heapam_handler.c
index 9f17baea5d6..53f572f384b 100644
--- a/src/backend/access/heap/heapam_handler.c
+++ b/src/backend/access/heap/heapam_handler.c
@@ -2574,11 +2574,8 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,

 if (scan->rs_flags & SO_ALLOW_PAGEMODE)
 {
- uint32 start,
- end;
-
- if (hscan->rs_ntuples == 0)
- return false;
+ uint32 start = 0,
+ end = hscan->rs_ntuples;

 /*
 * In pageatatime mode, heap_prepare_pagescan() already did visibility
@@ -2589,18 +2586,15 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
 * in increasing order, but it's not clear that there would be enough
 * gain to justify the restriction.
 */
- start = 0;
- end = hscan->rs_ntuples - 1;
-
- while (start <= end)
+ while (start < end)
 {
- uint32 mid = (start + end) / 2;
+ uint32 mid = start + (end - start) / 2;
 OffsetNumber curoffset = hscan->rs_vistuples[mid];

 if (tupoffset == curoffset)
 return true;
 else if (tupoffset < curoffset)
- end = mid - 1;
+ end = mid;
 else
 start = mid + 1;
 }
--
2.30.2
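Review bot: The new initialiser `end = hscan->rs_ntuples` makes rs_ntuples the only upper bound on every `rs_vistuples[mid]` read in the loop that follows, and nothing visible in this hunk checks that count against the array's capacity. Assuming rs_vistuples is sized by MaxHeapTuplesPerPage (its declaration is not part of the diff, so confirm), an `Assert(hscan->rs_ntuples <= MaxHeapTuplesPerPage);` just before the loop would catch a corrupted or stale count in assert-enabled builds without costing anything in production. The body of SampleHeapTupleVisible() starts and ends outside the hunk, so an equivalent check may already exist elsewhere in the function.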
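Review bot: The rewritten loop searches the half-open range [start, end), but the comment kept above it explains only why a binary search is used, so the invariant that keeps the unsigned indexes safe is undocumented. A later edit that restores `end = mid - 1` would wrap to a huge value when mid is 0, and the next `rs_vistuples[mid]` would read far outside the array; this is presumably the danger the commit message refers to. I would add a comment directly above the `while`: `/* Search the half-open range [start, end): end is exclusive, so it is set to mid, never mid - 1, and cannot wrap. */`. The commit also adds no regression test; a sampling scan that probes an offset below the first visible tuple on a page would exercise the mid == 0 path.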