Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sB52N-00E9bb-9I for pgsql-hackers@arkaria.postgresql.org; Sun, 26 May 2024 03:59:12 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sB52N-003Mze-5x for pgsql-hackers@arkaria.postgresql.org; Sun, 26 May 2024 03:59:11 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sB52M-003MzW-T3 for pgsql-hackers@lists.postgresql.org; Sun, 26 May 2024 03:59:10 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sB52K-0021FJ-CE for pgsql-hackers@lists.postgresql.org; Sun, 26 May 2024 03:59:09 +0000 Received: from pro.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 44Q3x571943142; Sat, 25 May 2024 23:59:05 -0400 From: Tom Lane To: Michael Paquier cc: Xing Guo , pgsql-hackers@lists.postgresql.org Subject: Re: Fix an incorrect assertion condition in mdwritev(). In-reply-to: References: Comments: In-reply-to Michael Paquier message dated "Sun, 26 May 2024 09:22:06 +0900" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1932.1716695945.1@sss.pgh.pa.us> Date: Sat, 25 May 2024 23:59:05 -0400 Message-ID: <1933.1716695945@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Michael Paquier writes: > On Sat, May 25, 2024 at 11:52:22PM +0800, Xing Guo wrote: >> #ifdef CHECK_WRITE_VS_EXTEND >> - Assert(blocknum < mdnblocks(reln, forknum)); >> + Assert(blocknum + nblocks <= mdnblocks(reln, forknum)); >> #endif > Yes, it looks like you're right that this can be made stricter, > computing the number of blocks we're adding in the number calculated > (aka adding one block to this number fails immediately at initdb). Hmm ... I agree that this is better normally. But there's an edge case where it would fail to notice a problem that the existing code does notice: if blocknum is close to UINT32_MAX and adding nblocks causes it to wrap around to a small value. Is there an inexpensive way to catch that? (If not, it's not a reason to block this patch; but let's think about it while we're here.) regards, tom lane