Re: Fix overflow in pg_size_pretty
David Rowley <dgrowleyml@gmail.com>
From: David Rowley <dgrowleyml@gmail.com>
To: Joseph Koshakow <koshy44@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-07-28T03:42:36Z
Lists: pgsql-hackers
Attachments
On Sun, 28 Jul 2024 at 13:10, Joseph Koshakow <koshy44@gmail.com> wrote: > > On Sat, Jul 27, 2024 at 8:00 PM David Rowley <dgrowleyml@gmail.com> wrote: > > What if we spelt it out the same way as pg_lltoa() does? > > > > i.e: uint64 usize = size < 0 ? 0 - (uint64) size : (uint64) size; > > My understanding of pg_lltoa() is that it produces an underflow and > relies wrapping around from 0 to PG_UINT64_MAX. In fact the following > SQL, which relies on pg_lltoa() under the hood, panics with `-ftrapv` > enabled (which panics on underflows and overflows): > > SELECT int8out(-9223372036854775808); I didn't test to see where that's coming from, but I did test the two attached .c files. int.c uses the 0 - (unsigned int) var method and int2.c uses (unsigned int) (-var). Using clang and -ftrapv, I get: $ clang int.c -o int -O2 -ftrapv $ ./int 2147483648 $ clang int2.c -o int2 -O2 -ftrapv $ ./int2 Illegal instruction Similar with gcc: $ gcc int.c -o int -O2 -ftrapv $ ./int 2147483648 $ gcc int2.c -o int2 -O2 -ftrapv $ ./int2 Aborted I suspect your trap must be coming from somewhere else. It looks to me like the "uint64 usize = size < 0 ? 0 - (uint64) size : (uint64) size;" will be fine. David
Commits
-
Fix incorrect return value for pg_size_pretty(bigint)
- 0a80e88d902d 15.8 landed
- 6f6b0f193db4 16.4 landed
- 1e020258e53c 17.0 landed
- b181062aa572 18.0 landed