Re: [HACKERS] [sqlsmith] Infinite recursion in bitshift
Merlin Moncurewrites: > On Fri, Oct 14, 2016 at 3:31 PM, Tom Lane wrote: >> Poking around in varbit.c, I noticed some other places that were assuming >> that a typmod couldn't exceed VARBITMAXLEN. > Curious -- are there real world scenarios where this would happen? I think you'd have to be intentionally trying to break it. The largest varbit typmod you're allowed to declare normally is only ~ 80 million. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [sqlsmith] Infinite recursion in bitshift
On Fri, Oct 14, 2016 at 3:31 PM, Tom Lanewrote: > Andreas Seltenreich writes: >> Tom Lane writes: >>> Seems sane, though I wonder if it'd be better to use -INT_MAX rather >>> than -VARBITMAXLEN. > >> I am undecided between those two. -INT_MAX might be a more precise fix >> for the problem, but the extra distance to the danger zone was kind of >> soothing :-). > > Yeah, might as well use the tighter limit. > > Poking around in varbit.c, I noticed some other places that were assuming > that a typmod couldn't exceed VARBITMAXLEN. anybit_typmodin() enforces > that, but there are places where a user can shove in an arbitrary integer, > eg > > regression=# select "bit"(42, 2147483647); > ERROR: invalid memory alloc request size 18446744073441116169 > > I fixed those too and pushed it. Thanks for the report! Curious -- are there real world scenarios where this would happen? merlin -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [sqlsmith] Infinite recursion in bitshift
Andreas Seltenreichwrites: > Tom Lane writes: >> Seems sane, though I wonder if it'd be better to use -INT_MAX rather >> than -VARBITMAXLEN. > I am undecided between those two. -INT_MAX might be a more precise fix > for the problem, but the extra distance to the danger zone was kind of > soothing :-). Yeah, might as well use the tighter limit. Poking around in varbit.c, I noticed some other places that were assuming that a typmod couldn't exceed VARBITMAXLEN. anybit_typmodin() enforces that, but there are places where a user can shove in an arbitrary integer, eg regression=# select "bit"(42, 2147483647); ERROR: invalid memory alloc request size 18446744073441116169 I fixed those too and pushed it. Thanks for the report! regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [sqlsmith] Infinite recursion in bitshift
Tom Lane writes: >> This is due to an integer overflow in bitshiftright()/bitshiftleft() >> leading to them recursively calling each other. Patch attached. > > Seems sane, though I wonder if it'd be better to use -INT_MAX rather > than -VARBITMAXLEN. I am undecided between those two. -INT_MAX might be a more precise fix for the problem, but the extra distance to the danger zone was kind of soothing :-). regards, Andreas -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [sqlsmith] Infinite recursion in bitshift
Andreas Seltenreichwrites: > sqlsmith just found another crasher: > select bit '1' >> (-2^31)::int; Nice catch :-) > This is due to an integer overflow in bitshiftright()/bitshiftleft() > leading to them recursively calling each other. Patch attached. Seems sane, though I wonder if it'd be better to use -INT_MAX rather than -VARBITMAXLEN. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers