diff options
| author | Andres Freund <andres@anarazel.de> | 2023-03-30 09:50:18 -0700 |
|---|---|---|
| committer | Andres Freund <andres@anarazel.de> | 2023-03-30 10:26:10 -0700 |
| commit | 558cf803876874c55d637a1e87417fa1c670efe1 (patch) | |
| tree | 0fdbce8b809889d7d3a96f431d9f17f0f6eae995 /src | |
| parent | e9d202a1499d6a70e80d080fcdba07fe6707845d (diff) | |
| download | postgresql-558cf803876874c55d637a1e87417fa1c670efe1.tar.gz postgresql-558cf803876874c55d637a1e87417fa1c670efe1.zip | |
bufmgr: Fix undefined behaviour with, unrealistically, large temp_buffers
Quoting Melanie:
> Since if buffer is INT_MAX, then the -(buffer + 1) version invokes
> undefined behavior while the -buffer - 1 version doesn't.
All other places were already using the correct version. I (Andres), copied
the code into more places in a patch. Melanie caught it in review, but to
prevent more people from copying the bad code, fix it. Even if it is a
theoretical issue.
We really ought to wrap these accesses in a helper function...
As this is a theoretical issue, don't backpatch.
Reported-by: Melanie Plageman <melanieplageman@gmail.com>
Discussion: https://postgr.es/m/CAAKRu_aW2SX_LWtwHgfnqYpBrunMLfE9PD6-ioPpkh92XH0qpg@mail.gmail.com
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/storage/buffer/localbuf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/storage/buffer/localbuf.c b/src/backend/storage/buffer/localbuf.c index 5325ddb663d..68b4817c67b 100644 --- a/src/backend/storage/buffer/localbuf.c +++ b/src/backend/storage/buffer/localbuf.c @@ -305,7 +305,7 @@ MarkLocalBufferDirty(Buffer buffer) fprintf(stderr, "LB DIRTY %d\n", buffer); #endif - bufid = -(buffer + 1); + bufid = -buffer - 1; Assert(LocalRefCount[bufid] > 0); |