Home > mailing lists

Re: BUG #18247: Integer overflow leads to negative width - Mailing list pgsql-bugs

From	Richard Guo
Subject	Re: BUG #18247: Integer overflow leads to negative width
Date	December 15, 2023 12:01:45
Msg-id	CAMbWs4_JdZmiFCQf++kx33Lwb_9GG582Axnj1DNWwvz7FLBcKg@mail.gmail.com Whole thread Raw
In response to	Re: BUG #18247: Integer overflow leads to negative width (Alexander Lakhin <exclusion@gmail.com>)
Responses	Re: BUG #18247: Integer overflow leads to negative width
List	pgsql-bugs

Tree view

On Fri, Dec 15, 2023 at 2:00 PM Alexander Lakhin <exclusion@gmail.com> wrote:

Your patch looks good to me, but maybe you would find it suitable to fix in
passing one more integer overflow in costsize.c?

Concretely, the query:
CREATE TABLE t(id int PRIMARY KEY, i int);
EXPLAIN (VERBOSE)
UPDATE t SET i = ni FROM (SELECT g id, 1 ni FROM generate_series(1, 2147483648) g) s WHERE t.id = s.id;

when executed with ubsan-enabled build, gives:
costsize.c:1017:12: runtime error: 2.14748e+09 is outside the range of representable values of type 'int'
#0 0x5603325818e0 in cost_bitmap_heap_scan .../src/backend/optimizer/path/costsize.c:1017:12
#1 0x5603326cc519 in create_bitmap_heap_path .../src/backend/optimizer/util/pathnode.c:1065:2

Nice catch. The overflow occurs when cost_bitmap_heap_scan() calls
compute_bitmap_pages(), and the loop_count parameter is converted from
double to int. I wonder if we can change the loop_count parameter to be
double for compute_bitmap_pages() to avoid such overflow.

Thanks
Richard

pgsql-bugs by date:

From: PG Bug reporting form
Date: 15 December 2023, 09:09:18
Subject: BUG #18249: pg_dump/pg_restore single schema with function1 calling function2

From: Alexander Lakhin
Date: 15 December 2023, 13:00:01
Subject: Re: BUG #18246: pgstathashindex() attempts to read invalid file for hash index attached to partitioned table

Re: BUG #18247: Integer overflow leads to negative width - Mailing list pgsql-bugs

Previous

Next