- Notifications
You must be signed in to change notification settings - Fork28
Commit09c5988
committed
Avoid integer overflow while sifting-up a heap in tuplesort.c.
If the number of tuples in the heap exceeds approximately INT_MAX/2,this loop's calculation "2*i+1" could overflow, resulting in a crash.Fix it by using unsigned int rather than int for the relevant localvariables; that shouldn't cost anything extra on any popular hardware.Per bug #14722 from Sergey Koposov.Original patch by Sergey Koposov, modified by me per a suggestionfrom Heikki Linnakangas to use unsigned int not int64.Back-patch to 9.4, where tuplesort.c grew the ability to sort as manyas INT_MAX tuples in-memory (commit263865a).Discussion:https://postgr.es/m/20170629161637.1478.93109@wrigleys.postgresql.org1 parent0a2d07c commit09c5988
1 file changed
+7
-2
lines changedLines changed: 7 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3800 | 3800 | | |
3801 | 3801 | | |
3802 | 3802 | | |
3803 | | - | |
| 3803 | + | |
3804 | 3804 | | |
3805 | 3805 | | |
3806 | 3806 | | |
| |||
3809 | 3809 | | |
3810 | 3810 | | |
3811 | 3811 | | |
| 3812 | + | |
| 3813 | + | |
| 3814 | + | |
| 3815 | + | |
| 3816 | + | |
3812 | 3817 | | |
3813 | 3818 | | |
3814 | 3819 | | |
3815 | 3820 | | |
3816 | 3821 | | |
3817 | | - | |
| 3822 | + | |
3818 | 3823 | | |
3819 | 3824 | | |
3820 | 3825 | | |
| |||
0 commit comments
Comments
(0)