granicus.if.org Git - postgresql/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Mon, 23 May 2011 16:52:46 +0000 (12:52 -0400)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Mon, 23 May 2011 16:52:46 +0000 (12:52 -0400)
commit	299d1716525c659f0e02840e31fbe4dea3cc796c
tree	a51b5da55bcbee7108c8d9e61b5e79e2c5fba791	tree \| snapshot
parent	a9b6519606a4a95ae8052f8414841d02bcfe4582	commit \| diff

Install defenses against overflow in BuildTupleHashTable().

The planner can sometimes compute very large values for numGroups, and in
cases where we have no alternative to building a hashtable, such a value
will get fed directly to BuildTupleHashTable as its nbuckets parameter.
There were two ways in which that could go bad.  First, BuildTupleHashTable
declared the parameter as "int" but most callers were passing "long"s,
so on 64-bit machines undetected overflow could occur leading to a bogus
negative value.  The obvious fix for that is to change the parameter to
"long", which is what I've done in HEAD.  In the back branches that seems a
bit risky, though, since third-party code might be calling this function.
So for them, just put in a kluge to treat negative inputs as INT_MAX.
Second, hash_create can go nuts with extremely large requested table sizes
(notably, my_log2 becomes an infinite loop for inputs larger than
LONG_MAX/2).  What seems most appropriate to avoid that is to bound the
initial table size request to work_mem.

This fixes bug #6035 reported by Daniel Schreiber.  Although the reported
case only occurs back to 8.4 since it involves WITH RECURSIVE, I think
it's a good idea to install the defenses in all supported branches.

src/backend/executor/execGrouping.c		diff \| blob \| history
src/backend/executor/nodeSubplan.c		diff \| blob \| history
src/include/executor/executor.h		diff \| blob \| history