diff options
| author | Peter Geoghegan <pg@bowt.ie> | 2021-09-22 19:21:36 -0700 |
|---|---|---|
| committer | Peter Geoghegan <pg@bowt.ie> | 2021-09-22 19:21:36 -0700 |
| commit | c7aeb775df895db240dcd6f47242f7e08899adfb (patch) | |
| tree | f2e2e1c50c46d176623570d168d00dda18049278 /src | |
| parent | 85c69611288f4096b7460d980bedaa777f824d24 (diff) | |
| download | postgresql-c7aeb775df895db240dcd6f47242f7e08899adfb.tar.gz postgresql-c7aeb775df895db240dcd6f47242f7e08899adfb.zip | |
Document issue with heapam line pointer truncation.
Checking that an offset number isn't past the end of a heap page's line
pointer array was just a defensive sanity check for HOT-chain traversal
code before commit 3c3b8a4b. It's etrictly necessary now, though. Add
comments that reference the issue to code in heapam that needs to get it
right.
Per suggestion from Alexander Lakhin.
Discussion: https://postgr.es/m/f76a292c-9170-1aef-91a0-59d9443b99a3@gmail.com
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/access/heap/heapam.c | 11 | ||||
| -rw-r--r-- | src/backend/access/heap/pruneheap.c | 22 |
2 files changed, 27 insertions, 6 deletions
diff --git a/src/backend/access/heap/heapam.c b/src/backend/access/heap/heapam.c index 972fdbcb92f..2a264c6ac1f 100644 --- a/src/backend/access/heap/heapam.c +++ b/src/backend/access/heap/heapam.c @@ -7483,8 +7483,15 @@ heap_index_delete_tuples(Relation rel, TM_IndexDeleteOp *delstate) ItemId lp; HeapTupleHeader htup; - /* Some sanity checks */ - if (offnum < FirstOffsetNumber || offnum > maxoff) + /* Sanity check (pure paranoia) */ + if (offnum < FirstOffsetNumber) + break; + + /* + * An offset past the end of page's line pointer array is possible + * when the array was truncated + */ + if (offnum > maxoff) break; lp = PageGetItemId(page, offnum); diff --git a/src/backend/access/heap/pruneheap.c b/src/backend/access/heap/pruneheap.c index 15ca1b304a0..db6912e9fa5 100644 --- a/src/backend/access/heap/pruneheap.c +++ b/src/backend/access/heap/pruneheap.c @@ -581,8 +581,15 @@ heap_prune_chain(Buffer buffer, OffsetNumber rootoffnum, PruneState *prstate) bool tupdead, recent_dead; - /* Some sanity checks */ - if (offnum < FirstOffsetNumber || offnum > maxoff) + /* Sanity check (pure paranoia) */ + if (offnum < FirstOffsetNumber) + break; + + /* + * An offset past the end of page's line pointer array is possible + * when the array was truncated (original item must have been unused) + */ + if (offnum > maxoff) break; /* If item is already processed, stop --- it must not be same chain */ @@ -962,8 +969,15 @@ heap_get_root_tuples(Page page, OffsetNumber *root_offsets) */ for (;;) { - /* Sanity check */ - if (nextoffnum < FirstOffsetNumber || nextoffnum > maxoff) + /* Sanity check (pure paranoia) */ + if (offnum < FirstOffsetNumber) + break; + + /* + * An offset past the end of page's line pointer array is possible + * when the array was truncated + */ + if (offnum > maxoff) break; lp = PageGetItemId(page, nextoffnum); |