| From: | Andrey Lepikhov <a(dot)lepikhov(at)postgrespro(dot)ru> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Negative value of numGroups |
| Date: | 2022-05-13 06:56:43 |
| Message-ID: | ebbc2efb-7ef9-bf2f-1ada-d6ec48f70e58@postgrespro.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hi,
Using sqlancer I've found curious vulnerability. In some places of the
code we convert LONG_MAX to double. After value of 2^53 double doesn't
correspond to a long value precisely. So, LONG_MAX can be converted into
'LONG_MAX + 1' double value. And string:
(long) Min(numGroups, (double) LONG_MAX);
can return negative value, if numGroups > LONG_MAX.
Maybe it isn't practical issue right now, but this annoying thing
doesn't allow to pass sqlancer tests sometimes, for example, with options:
--extensions='pg_stat_statements' --oracle HAVING
It is not difficult to fix the problem in-place, of course. But maybe do
better: change the type of numGroups field in any Plan nodes to double
and convert it into specific type right before usage?
--
Regards
Andrey Lepikhov
Postgres Professional
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laetitia Avrot | 2022-05-14 15:11:33 | Re: Statistics updates is delayed when using `commit and chain` |
| Previous Message | Tom Lane | 2022-05-12 14:51:22 | Re: BUG #17479: "plan should not reference subplan's variable" when calling `grouping` on result of subquery |