From: | Richard Guo <guofenglinux(at)gmail(dot)com> |
---|---|
To: | Alexander Lakhin <exclusion(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, rekgrpth(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: BUG #18247: Integer overflow leads to negative width |
Date: | 2023-12-15 12:01:45 |
Message-ID: | CAMbWs4_JdZmiFCQf++kx33Lwb_9GG582Axnj1DNWwvz7FLBcKg@mail.gmail.com |
Lists: | pgsql-bugs |
On Fri, Dec 15, 2023 at 2:00 PM Alexander Lakhin <exclusion(at)gmail(dot)com>
wrote:
> Your patch looks good to me, but maybe you would find it suitable to fix in
> passing one more integer overflow in costsize.c?
>
> Concretely, the query:
> CREATE TABLE t(id int PRIMARY KEY, i int);
> EXPLAIN (VERBOSE)
> UPDATE t SET i = ni FROM (SELECT g id, 1 ni FROM generate_series(1,
> 2147483648) g) s WHERE t.id = s.id;
>
> when executed with ubsan-enabled build, gives:
> costsize.c:1017:12: runtime error: 2.14748e+09 is outside the range of
> representable values of type 'int'
> #0 0x5603325818e0 in cost_bitmap_heap_scan
> .../src/backend/optimizer/path/costsize.c:1017:12
> #1 0x5603326cc519 in create_bitmap_heap_path
> .../src/backend/optimizer/util/pathnode.c:1065:2
>
Nice catch. The overflow occurs when cost_bitmap_heap_scan() calls
compute_bitmap_pages(), and the loop_count parameter is converted from
double to int. I wonder if we can change the loop_count parameter to be
double for compute_bitmap_pages() to avoid such overflow.
Thanks
Richard
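
The double-to-int conversion discussed in this message, as an added example that is not part of the original e-mail or of PostgreSQL's source. The helper names are hypothetical, a 32-bit `int` is assumed, and the sample value is constructed from the row count in the quoted query.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: int is at most 32 bits, so INT_MAX + 1 and INT_MIN - 1 are
 * exactly representable as double and the comparisons below are exact. */
_Static_assert(sizeof(int) * CHAR_BIT <= 32, "bounds assume 32-bit int");

/*
 * Hypothetical helper (not PostgreSQL code): true when (int) v is defined.
 * Conversion truncates toward zero, so v is safe exactly when it lies
 * strictly between INT_MIN - 1 and INT_MAX + 1. NaN never fits.
 */
static bool
double_fits_int(double v)
{
    if (isnan(v))
        return false;
    return v > (double) INT_MIN - 1.0 && v < (double) INT_MAX + 1.0;
}

/*
 * Hypothetical helper: saturating conversion for a caller that must keep an
 * int parameter. Assumption: NaN maps to 0; a real caller picks its own policy.
 */
static int
clamp_double_to_int(double v)
{
    if (isnan(v))
        return 0;
    if (v >= (double) INT_MAX + 1.0)
        return INT_MAX;
    if (v <= (double) INT_MIN - 1.0)
        return INT_MIN;
    return (int) v;             /* in range: truncation is well defined */
}

int
main(void)
{
    double loop_count = 2147483648.0;   /* constructed: row count from the query */

    printf("fits in int: %d\n", double_fits_int(loop_count));
    printf("clamped:     %d\n", clamp_double_to_int(loop_count));
    return 0;
}
```

Keeping the parameter as `double`, as suggested above, removes the need for either helper at this call site; the clamp only matters where an `int` interface has to stay.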