forked frompostgres/postgres
- Notifications
You must be signed in to change notification settings - Fork6
Commit512f67c
committed
Avoid integer overflow while sifting-up a heap in tuplesort.c.
If the number of tuples in the heap exceeds approximately INT_MAX/2,this loop's calculation "2*i+1" could overflow, resulting in a crash.Fix it by using unsigned int rather than int for the relevant localvariables; that shouldn't cost anything extra on any popular hardware.Per bug #14722 from Sergey Koposov.Original patch by Sergey Koposov, modified by me per a suggestionfrom Heikki Linnakangas to use unsigned int not int64.Back-patch to 9.4, where tuplesort.c grew the ability to sort as manyas INT_MAX tuples in-memory (commit263865a).Discussion:https://postgr.es/m/20170629161637.1478.93109@wrigleys.postgresql.org1 parentca906f6 commit512f67c
1 file changed
+7
-2
lines changedLines changed: 7 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3490 | 3490 | | |
3491 | 3491 | | |
3492 | 3492 | | |
3493 | | - | |
| 3493 | + | |
3494 | 3494 | | |
3495 | 3495 | | |
3496 | 3496 | | |
3497 | 3497 | | |
3498 | 3498 | | |
3499 | 3499 | | |
3500 | 3500 | | |
| 3501 | + | |
| 3502 | + | |
| 3503 | + | |
| 3504 | + | |
| 3505 | + | |
3501 | 3506 | | |
3502 | 3507 | | |
3503 | 3508 | | |
3504 | 3509 | | |
3505 | | - | |
| 3510 | + | |
3506 | 3511 | | |
3507 | 3512 | | |
3508 | 3513 | | |
| |||
0 commit comments
Comments
(0)