Re: Avoid overflow with simplehash

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Ranier Vilela <ranier.vf@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2023-07-06T14:37:17Z
Lists: pgsql-hackers
> On 6 Jul 2023, at 16:28, Ranier Vilela <ranier.vf@gmail.com> wrote:

> The function SH_START_ITERATE can trigger some overflow.
> 
> See:
> typedef struct SH_ITERATOR
> {
> uint32 cur; /* current element */
> uint32 end;
> bool done; /* iterator exhausted? */
> } SH_ITERATOR;
> 
> The cur field is uint32 size and currently can be stored a uint64,
> which obviously does not fit.

-	Assert(startelem < SH_MAX_SIZE);
+	Assert(startelem < PG_UINT32_MAX);

I mighe be missing something, but from skimming the current code, SH_MAX_SIZE
is currently defined as:

#define SH_MAX_SIZE (((uint64) PG_UINT32_MAX) + 1)

Can you show a reproducer example where you are able to overflow?

--
Daniel Gustafsson




Commits

  1. Fix type of iterator variable in SH_START_ITERATE