NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitc87cb5f

committed

Allow btree comparison functions to return INT_MIN.

Historically we forbade datatype-specific comparison functions fromreturning INT_MIN, so that it would be safe to invert the sort orderjust by negating the comparison result. However, this was neverreally safe for comparison functions that directly return the resultof memcmp(), strcmp(), etc, as POSIX doesn't place any such restrictionon those library functions. Buildfarm results show that at least onrecent Linux on s390x, memcmp() actually does return INT_MIN sometimes,causing sort failures.The agreed-on answer is to remove this restriction and fix relevantcall sites to not make such an assumption; code such as "res = -res"should be replaced by "INVERT_COMPARE_RESULT(res)". The same is neededin a few places that just directly negated the result of memcmp orstrcmp.To help find places having this problem, I've also added a compile optionto nbtcompare.c that causes some of the commonly used comparators toreturn INT_MIN/INT_MAX instead of their usual -1/+1. It'd likely bea good idea to have at least one buildfarm member running with"-DSTRESS_SORT_INT_MIN". That's far from a complete test of course,but it should help to prevent fresh introductions of such bugs.This is a longstanding portability hazard, so back-patch to all supportedbranches.Discussion:https://postgr.es/m/20180928185215.ffoq2xrq5d3pafna@alap3.anarazel.de

1 parent113a659 commitc87cb5fCopy full SHA for c87cb5f

File tree

13 files changed

+92

-61

lines changed

contrib
- ltree
  - ltree_op.c
- pgcrypto
  - imath.c
doc/src/sgml
- btree.sgml
src
- backend
  - access/nbtree
  - executor
- bin/pg_rewind
  - filemap.c
- include
  - access
    - nbtree.h
  - c.h
  - utils
    - sortsupport.h

13 files changed

+92

-61

lines changed

`‎contrib/ltree/ltree_op.c`

Lines changed: 9 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -45,17 +45,24 @@ ltree_compare(const ltree a, const ltree b)`
`45`	`45`	`ltree_level*bl=LTREE_FIRST(b);`
`46`	`46`	`intan=a->numlevel;`
`47`	`47`	`intbn=b->numlevel;`
`48`		`-intres=0;`
`49`	`48`
`50`	`49`	`while (an>0&&bn>0)`
`51`	`50`	`{`
	`51`	`+intres;`
	`52`	`+`
`52`	`53`	`if ((res=memcmp(al->name,bl->name,Min(al->len,bl->len)))==0)`
`53`	`54`	`{`
`54`	`55`	`if (al->len!=bl->len)`
`55`	`56`	`return (al->len-bl->len)10 (an+1);`
`56`	`57`	`}`
`57`	`58`	`else`
	`59`	`+{`
	`60`	`+if (res<0)`
	`61`	`+res=-1;`
	`62`	`+else`
	`63`	`+res=1;`
`58`	`64`	`returnres10 (an+1);`
	`65`	`+}`
`59`	`66`
`60`	`67`	`an--;`
`61`	`68`	`bn--;`
`@@ -146,7 +153,7 @@ inner_isparent(const ltree c, const ltree p)`
`146`	`153`	`{`
`147`	`154`	`if (cl->len!=pl->len)`
`148`	`155`	`return false;`
`149`		`-if (memcmp(cl->name,pl->name,cl->len))`
	`156`	`+if (memcmp(cl->name,pl->name,cl->len)!=0)`
`150`	`157`	`return false;`
`151`	`158`
`152`	`159`	`pn--;`

`‎contrib/pgcrypto/imath.c`

Lines changed: 6 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -1254,11 +1254,9 @@ mp_int_compare(mp_int a, mp_int b)`
`1254`	`1254`	`* If they're both zero or positive, the normal comparison applies; if`
`1255`	`1255`	`* both negative, the sense is reversed.`
`1256`	`1256`	`*/`
`1257`		`-if (sa==MP_ZPOS)`
`1258`		`-returncmp;`
`1259`		`-else`
`1260`		`-return-cmp;`
`1261`		`-`
	`1257`	`+if (sa!=MP_ZPOS)`
	`1258`	`+INVERT_COMPARE_RESULT(cmp);`
	`1259`	`+returncmp;`
`1262`	`1260`	`}`
`1263`	`1261`	`else`
`1264`	`1262`	`{`
`@@ -1314,10 +1312,9 @@ mp_int_compare_value(mp_int z, int value)`
`1314`	`1312`	`{`
`1315`	`1313`	`cmp=s_vcmp(z,value);`
`1316`	`1314`
`1317`		`-if (vsign==MP_ZPOS)`
`1318`		`-returncmp;`
`1319`		`-else`
`1320`		`-return-cmp;`
	`1315`	`+if (vsign!=MP_ZPOS)`
	`1316`	`+INVERT_COMPARE_RESULT(cmp);`
	`1317`	`+returncmp;`
`1321`	`1318`	`}`
`1322`	`1319`	`else`
`1323`	`1320`	`{`

`‎doc/src/sgml/btree.sgml`

Lines changed: 2 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -228,11 +228,8 @@`
`228`	`228`	`<replaceable>B</replaceable>, <replaceable>A</replaceable>`
`229`	`229`	`<literal>=</literal> <replaceable>B</replaceable>,`
`230`	`230`	`or <replaceable>A</replaceable> <literal>></literal>`
`231`		`- <replaceable>B</replaceable>, respectively. The function must not`
`232`		`- return <literal>INT_MIN</literal> for the <replaceable>A</replaceable>`
`233`		`- <literal><</literal> <replaceable>B</replaceable> case,`
`234`		`- since the value may be negated before being tested for sign. A null`
`235`		`- result is disallowed, too.`
	`231`	`+ <replaceable>B</replaceable>, respectively.`
	`232`	`+ A null result is disallowed: all values of the data type must be comparable.`
`236`	`233`	`See <filename>src/backend/access/nbtree/nbtcompare.c</filename> for`
`237`	`234`	`examples.`
`238`	`235`	`</para>`

`‎src/backend/access/nbtree/nbtcompare.c`

Lines changed: 47 additions & 30 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,11 +22,10 @@`
`22`	`22`	`*`
`23`	`23`	`*The result is always an int32 regardless of the input datatype.`
`24`	`24`	`*`
`25`		`- *Although any negative int32(except INT_MIN)is acceptable for reporting`
`26`		`- *"<",and any positive int32 is acceptable for reporting ">", routines`
	`25`	`+ *Although any negative int32 is acceptable for reporting "<",`
	`26`	`+ *and any positive int32 is acceptable for reporting ">", routines`
`27`	`27`	`*that work on 32-bit or wider datatypes can't just return "a - b".`
`28`		`- *That could overflow and give the wrong answer. Also, one must not`
`29`		`- *return INT_MIN to report "<", since some callers will negate the result.`
	`28`	`+ *That could overflow and give the wrong answer.`
`30`	`29`	`*`
`31`	`30`	`*NOTE: it is critical that the comparison function impose a total order`
`32`	`31`	`*on all non-NULL values of the data type, and that the datatype's`
`@@ -44,13 +43,31 @@`
`44`	`43`	`*during an index access won't be recovered till end of query. This`
`45`	`44`	`*primarily affects comparison routines for toastable datatypes;`
`46`	`45`	`*they have to be careful to free any detoasted copy of an input datum.`
	`46`	`+ *`
	`47`	`+ *NOTE: we used to forbid comparison functions from returning INT_MIN,`
	`48`	`+ *but that proves to be too error-prone because some platforms' versions`
	`49`	`+ *of memcmp() etc can return INT_MIN. As a means of stress-testing`
	`50`	`+ *callers, this file can be compiled with STRESS_SORT_INT_MIN defined`
	`51`	`+ *to cause many of these functions to return INT_MIN or INT_MAX instead of`
	`52`	`+ *their customary -1/+1. For production, though, that's not a good idea`
	`53`	`+ *since users or third-party code might expect the traditional results.`
`47`	`54`	`*-------------------------------------------------------------------------`
`48`	`55`	`*/`
`49`	`56`	`#include"postgres.h"`
`50`	`57`
	`58`	`+#include<limits.h>`
	`59`	`+`
`51`	`60`	`#include"utils/builtins.h"`
`52`	`61`	`#include"utils/sortsupport.h"`
`53`	`62`
	`63`	`+#ifdefSTRESS_SORT_INT_MIN`
	`64`	`+#defineA_LESS_THAN_BINT_MIN`
	`65`	`+#defineA_GREATER_THAN_BINT_MAX`
	`66`	`+#else`
	`67`	`+#defineA_LESS_THAN_B(-1)`
	`68`	`+#defineA_GREATER_THAN_B1`
	`69`	`+#endif`
	`70`	`+`
`54`	`71`
`55`	`72`	`Datum`
`56`	`73`	`btboolcmp(PG_FUNCTION_ARGS)`
`@@ -95,11 +112,11 @@ btint4cmp(PG_FUNCTION_ARGS)`
`95`	`112`	`int32b=PG_GETARG_INT32(1);`
`96`	`113`
`97`	`114`	`if (a>b)`
`98`		`-PG_RETURN_INT32(1);`
	`115`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`99`	`116`	`elseif (a==b)`
`100`	`117`	`PG_RETURN_INT32(0);`
`101`	`118`	`else`
`102`		`-PG_RETURN_INT32(-1);`
	`119`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`103`	`120`	`}`
`104`	`121`
`105`	`122`	`staticint`
`@@ -109,11 +126,11 @@ btint4fastcmp(Datum x, Datum y, SortSupport ssup)`
`109`	`126`	`int32b=DatumGetInt32(y);`
`110`	`127`
`111`	`128`	`if (a>b)`
`112`		`-return1;`
	`129`	`+returnA_GREATER_THAN_B;`
`113`	`130`	`elseif (a==b)`
`114`	`131`	`return0;`
`115`	`132`	`else`
`116`		`-return-1;`
	`133`	`+returnA_LESS_THAN_B;`
`117`	`134`	`}`
`118`	`135`
`119`	`136`	`Datum`
`@@ -132,11 +149,11 @@ btint8cmp(PG_FUNCTION_ARGS)`
`132`	`149`	`int64b=PG_GETARG_INT64(1);`
`133`	`150`
`134`	`151`	`if (a>b)`
`135`		`-PG_RETURN_INT32(1);`
	`152`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`136`	`153`	`elseif (a==b)`
`137`	`154`	`PG_RETURN_INT32(0);`
`138`	`155`	`else`
`139`		`-PG_RETURN_INT32(-1);`
	`156`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`140`	`157`	`}`
`141`	`158`
`142`	`159`	`staticint`
`@@ -146,11 +163,11 @@ btint8fastcmp(Datum x, Datum y, SortSupport ssup)`
`146`	`163`	`int64b=DatumGetInt64(y);`
`147`	`164`
`148`	`165`	`if (a>b)`
`149`		`-return1;`
	`166`	`+returnA_GREATER_THAN_B;`
`150`	`167`	`elseif (a==b)`
`151`	`168`	`return0;`
`152`	`169`	`else`
`153`		`-return-1;`
	`170`	`+returnA_LESS_THAN_B;`
`154`	`171`	`}`
`155`	`172`
`156`	`173`	`Datum`
`@@ -169,11 +186,11 @@ btint48cmp(PG_FUNCTION_ARGS)`
`169`	`186`	`int64b=PG_GETARG_INT64(1);`
`170`	`187`
`171`	`188`	`if (a>b)`
`172`		`-PG_RETURN_INT32(1);`
	`189`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`173`	`190`	`elseif (a==b)`
`174`	`191`	`PG_RETURN_INT32(0);`
`175`	`192`	`else`
`176`		`-PG_RETURN_INT32(-1);`
	`193`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`177`	`194`	`}`
`178`	`195`
`179`	`196`	`Datum`
`@@ -183,11 +200,11 @@ btint84cmp(PG_FUNCTION_ARGS)`
`183`	`200`	`int32b=PG_GETARG_INT32(1);`
`184`	`201`
`185`	`202`	`if (a>b)`
`186`		`-PG_RETURN_INT32(1);`
	`203`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`187`	`204`	`elseif (a==b)`
`188`	`205`	`PG_RETURN_INT32(0);`
`189`	`206`	`else`
`190`		`-PG_RETURN_INT32(-1);`
	`207`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`191`	`208`	`}`
`192`	`209`
`193`	`210`	`Datum`
`@@ -197,11 +214,11 @@ btint24cmp(PG_FUNCTION_ARGS)`
`197`	`214`	`int32b=PG_GETARG_INT32(1);`
`198`	`215`
`199`	`216`	`if (a>b)`
`200`		`-PG_RETURN_INT32(1);`
	`217`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`201`	`218`	`elseif (a==b)`
`202`	`219`	`PG_RETURN_INT32(0);`
`203`	`220`	`else`
`204`		`-PG_RETURN_INT32(-1);`
	`221`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`205`	`222`	`}`
`206`	`223`
`207`	`224`	`Datum`
`@@ -211,11 +228,11 @@ btint42cmp(PG_FUNCTION_ARGS)`
`211`	`228`	`int16b=PG_GETARG_INT16(1);`
`212`	`229`
`213`	`230`	`if (a>b)`
`214`		`-PG_RETURN_INT32(1);`
	`231`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`215`	`232`	`elseif (a==b)`
`216`	`233`	`PG_RETURN_INT32(0);`
`217`	`234`	`else`
`218`		`-PG_RETURN_INT32(-1);`
	`235`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`219`	`236`	`}`
`220`	`237`
`221`	`238`	`Datum`
`@@ -225,11 +242,11 @@ btint28cmp(PG_FUNCTION_ARGS)`
`225`	`242`	`int64b=PG_GETARG_INT64(1);`
`226`	`243`
`227`	`244`	`if (a>b)`
`228`		`-PG_RETURN_INT32(1);`
	`245`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`229`	`246`	`elseif (a==b)`
`230`	`247`	`PG_RETURN_INT32(0);`
`231`	`248`	`else`
`232`		`-PG_RETURN_INT32(-1);`
	`249`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`233`	`250`	`}`
`234`	`251`
`235`	`252`	`Datum`
`@@ -239,11 +256,11 @@ btint82cmp(PG_FUNCTION_ARGS)`
`239`	`256`	`int16b=PG_GETARG_INT16(1);`
`240`	`257`
`241`	`258`	`if (a>b)`
`242`		`-PG_RETURN_INT32(1);`
	`259`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`243`	`260`	`elseif (a==b)`
`244`	`261`	`PG_RETURN_INT32(0);`
`245`	`262`	`else`
`246`		`-PG_RETURN_INT32(-1);`
	`263`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`247`	`264`	`}`
`248`	`265`
`249`	`266`	`Datum`
`@@ -253,11 +270,11 @@ btoidcmp(PG_FUNCTION_ARGS)`
`253`	`270`	`Oidb=PG_GETARG_OID(1);`
`254`	`271`
`255`	`272`	`if (a>b)`
`256`		`-PG_RETURN_INT32(1);`
	`273`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`257`	`274`	`elseif (a==b)`
`258`	`275`	`PG_RETURN_INT32(0);`
`259`	`276`	`else`
`260`		`-PG_RETURN_INT32(-1);`
	`277`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`261`	`278`	`}`
`262`	`279`
`263`	`280`	`staticint`
`@@ -267,11 +284,11 @@ btoidfastcmp(Datum x, Datum y, SortSupport ssup)`
`267`	`284`	`Oidb=DatumGetObjectId(y);`
`268`	`285`
`269`	`286`	`if (a>b)`
`270`		`-return1;`
	`287`	`+returnA_GREATER_THAN_B;`
`271`	`288`	`elseif (a==b)`
`272`	`289`	`return0;`
`273`	`290`	`else`
`274`		`-return-1;`
	`291`	`+returnA_LESS_THAN_B;`
`275`	`292`	`}`
`276`	`293`
`277`	`294`	`Datum`
`@@ -299,9 +316,9 @@ btoidvectorcmp(PG_FUNCTION_ARGS)`
`299`	`316`	`if (a->values[i]!=b->values[i])`
`300`	`317`	`{`
`301`	`318`	`if (a->values[i]>b->values[i])`
`302`		`-PG_RETURN_INT32(1);`
	`319`	`+PG_RETURN_INT32(A_GREATER_THAN_B);`
`303`	`320`	`else`
`304`		`-PG_RETURN_INT32(-1);`
	`321`	`+PG_RETURN_INT32(A_LESS_THAN_B);`
`305`	`322`	`}`
`306`	`323`	`}`
`307`	`324`	`PG_RETURN_INT32(0);`

`‎src/backend/access/nbtree/nbtsearch.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -530,7 +530,7 @@ _bt_compare(Relation rel,`
`530`	`530`	`scankey->sk_argument));`
`531`	`531`
`532`	`532`	`if (!(scankey->sk_flags&SK_BT_DESC))`
`533`		`-result=-result;`
	`533`	`+INVERT_COMPARE_RESULT(result);`
`534`	`534`	`}`
`535`	`535`
`536`	`536`	`/* if the keys are unequal, return the difference */`

`‎src/backend/access/nbtree/nbtutils.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -518,7 +518,7 @@ _bt_compare_array_elements(const void a, const void b, void *arg)`
`518`	`518`	`cxt->collation,`
`519`	`519`	`da,db));`
`520`	`520`	`if (cxt->reverse)`
`521`		`-compare=-compare;`
	`521`	`+INVERT_COMPARE_RESULT(compare);`
`522`	`522`	`returncompare;`
`523`	`523`	`}`
`524`	`524`
`@@ -1652,7 +1652,7 @@ _bt_check_rowcompare(ScanKey skey, IndexTuple tuple, TupleDesc tupdesc,`
`1652`	`1652`	`subkey->sk_argument));`
`1653`	`1653`
`1654`	`1654`	`if (subkey->sk_flags&SK_BT_DESC)`
`1655`		`-cmpresult=-cmpresult;`
	`1655`	`+INVERT_COMPARE_RESULT(cmpresult);`
`1656`	`1656`
`1657`	`1657`	`/* Done comparing if unequal, else advance to next column */`
`1658`	`1658`	`if (cmpresult!=0)`

`‎src/backend/executor/nodeGatherMerge.c`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -755,7 +755,10 @@ heap_compare_slots(Datum a, Datum b, void *arg)`
`755`	`755`	`datum2,isNull2,`
`756`	`756`	`sortKey);`
`757`	`757`	`if (compare!=0)`
`758`		`-return-compare;`
	`758`	`+{`
	`759`	`+INVERT_COMPARE_RESULT(compare);`
	`760`	`+returncompare;`
	`761`	`+}`
`759`	`762`	`}`
`760`	`763`	`return0;`
`761`	`764`	`}`

`‎src/backend/executor/nodeIndexscan.c`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -467,9 +467,10 @@ reorderqueue_cmp(const pairingheap_node a, const pairingheap_node b,`
`467`	`467`	`ReorderTuplertb= (ReorderTuple)b;`
`468`	`468`	`IndexScanStatenode= (IndexScanState)arg;`
`469`	`469`
`470`		`-return-cmp_orderbyvals(rta->orderbyvals,rta->orderbynulls,`
`471`		`-rtb->orderbyvals,rtb->orderbynulls,`
`472`		`-node);`
	`470`	`+/* exchange argument order to invert the sort order */`
	`471`	`+returncmp_orderbyvals(rtb->orderbyvals,rtb->orderbynulls,`
	`472`	`+rta->orderbyvals,rta->orderbynulls,`
	`473`	`+node);`
`473`	`474`	`}`
`474`	`475`
`475`	`476`	`/*`

`‎src/backend/executor/nodeMergeAppend.c`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -338,7 +338,10 @@ heap_compare_slots(Datum a, Datum b, void *arg)`
`338`	`338`	`datum2,isNull2,`
`339`	`339`	`sortKey);`
`340`	`340`	`if (compare!=0)`
`341`		`-return-compare;`
	`341`	`+{`
	`342`	`+INVERT_COMPARE_RESULT(compare);`
	`343`	`+returncompare;`
	`344`	`+}`
`342`	`345`	`}`
`343`	`346`	`return0;`
`344`	`347`	`}`

`‎src/bin/pg_rewind/filemap.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -810,7 +810,7 @@ final_filemap_cmp(const void a, const void b)`
`810`	`810`	`return-1;`
`811`	`811`
`812`	`812`	`if (fa->action==FILE_ACTION_REMOVE)`
`813`		`-return-strcmp(fa->path,fb->path);`
	`813`	`+returnstrcmp(fb->path,fa->path);`
`814`	`814`	`else`
`815`	`815`	`returnstrcmp(fa->path,fb->path);`
`816`	`816`	`}`

`‎src/include/access/nbtree.h`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -274,8 +274,7 @@ typedef struct BTMetaPageData`
`274`	`274`	`*When a new operator class is declared, we require that the user`
`275`	`275`	`*supply us with an amproc procedure (BTORDER_PROC) for determining`
`276`	`276`	`*whether, for two keys a and b, a < b, a = b, or a > b. This routine`
`277`		`- *must return < 0, 0, > 0, respectively, in these three cases. (It must`
`278`		`- *not return INT_MIN, since we may negate the result before using it.)`
	`277`	`+ *must return < 0, 0, > 0, respectively, in these three cases.`
`279`	`278`	`*`
`280`	`279`	`*To facilitate accelerated sorting, an operator class may choose to`
`281`	`280`	`*offer a second procedure (BTSORTSUPPORT_PROC). For full details, see`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc87cb5f

File tree

13 files changed

13 files changed

`‎contrib/ltree/ltree_op.c`

`‎contrib/pgcrypto/imath.c`

`‎doc/src/sgml/btree.sgml`

`‎src/backend/access/nbtree/nbtcompare.c`

`‎src/backend/access/nbtree/nbtsearch.c`

`‎src/backend/access/nbtree/nbtutils.c`

`‎src/backend/executor/nodeGatherMerge.c`

`‎src/backend/executor/nodeIndexscan.c`

`‎src/backend/executor/nodeMergeAppend.c`

`‎src/bin/pg_rewind/filemap.c`

`‎src/include/access/nbtree.h`

0 commit comments