From: Masahiko Sawada Date: Mon, 25 Mar 2024 03:06:41 +0000 (+0900) Subject: Fix potential integer handling issue in radixtree.h. X-Git-Tag: REL_17_BETA1~536 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=80d5d4937c168af46c976feebe24765ad76eb540;p=thirdparty%2Fpostgresql.git Fix potential integer handling issue in radixtree.h. Coverity complained about the integer handling issue; if we start with an arbitrary non-negative shift value, the loop may decrement it down to something less than zero before exiting. This commit adds an assertion to make sure the 'shift' is always 0 after the loop, and uses 0 as the shift to get the key chunk in the following operation. Introduced by ee1b30f12. Reported-by: Tom Lane as per coverity Reviewed-by: Tom Lane Discussion: https://postgr.es/m/2089517.1711299216%40sss.pgh.pa.us --- diff --git a/src/include/lib/radixtree.h b/src/include/lib/radixtree.h index b8ad51c14dd..5fe89134a5e 100644 --- a/src/include/lib/radixtree.h +++ b/src/include/lib/radixtree.h @@ -1615,10 +1615,11 @@ RT_EXTEND_DOWN(RT_RADIX_TREE * tree, RT_PTR_ALLOC * parent_slot, uint64 key, int node = child; shift -= RT_SPAN; } + Assert(shift == 0); /* Reserve slot for the value. */ n4 = (RT_NODE_4 *) node.local; - n4->chunks[0] = RT_GET_KEY_CHUNK(key, shift); + n4->chunks[0] = RT_GET_KEY_CHUNK(key, 0); n4->base.count = 1; return &n4->children[0];