Fix incorrect size check in statext_dependencies_deserialize

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Ilia Evdokimov <[email protected]>
To: PostgreSQL Hackers <[email protected]>
Subject: Fix incorrect size check in statext_dependencies_deserialize
Date: Tue, 19 May 2026 17:29:56 +0300
Message-ID: <[email protected]> (raw)

Hi hackers,

I noticed an issue in `statext_dependencies_deserialize()`. The sanity 
check uses `SizeOfItem` to validate the bytea size, but `SizeOfItem()` 
expects the number of attributes in a single dependency, not the number 
of dependencies. This means the check is computing the size of one 
dependency with ndeps attributes, which is incorrect.

It should use `MinSizeOfItems` instead, which correctly computes the 
minimum expected size as the header plus `ndeps` minimally-sized 
dependency items.

Notably, the similar function for ndistinct extended statistics 
`statext_ndistinct_deserialize()` already uses `MinSizeOfItems` 
correctly, which suggests this is a typo rather than an intentional choice.

--
Best regards,
Ilia Evdokimov,
Tantor Labs LLC,
https://tantorlabs.com/


Attachments:

  [text/x-patch] v1-0001-Fix-size-check-in-statext_dependencies_deserializ.patch (1.3K, 2-v1-0001-Fix-size-check-in-statext_dependencies_deserializ.patch)
  download | inline diff:
From 5e760b9d63c12ef504a3fd3be75dd2511211165b Mon Sep 17 00:00:00 2001
From: Evdokimov Ilia <[email protected]>
Date: Tue, 19 May 2026 17:17:01 +0300
Subject: [PATCH v1] Fix size check in statext_dependencies_deserialize()

The sanity check was using SizeOfItem(dependencies->ndeps) to validate
the bytea size, but SizeOfItem() expects the number of attributes in a
single dependency, not the number of dependencies. Replace it with
MinSizeOfItems(ndeps), which correctly computes the minimum expected
size as the header plus ndeps minimally-sized dependency items.
---
 src/backend/statistics/dependencies.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/statistics/dependencies.c b/src/backend/statistics/dependencies.c
index e3a2f5817e0..95dcc218978 100644
--- a/src/backend/statistics/dependencies.c
+++ b/src/backend/statistics/dependencies.c
@@ -529,7 +529,7 @@ statext_dependencies_deserialize(bytea *data)
 		elog(ERROR, "invalid zero-length item array in MVDependencies");
 
 	/* what minimum bytea size do we expect for those parameters */
-	min_expected_size = SizeOfItem(dependencies->ndeps);
+	min_expected_size = MinSizeOfItems(dependencies->ndeps);
 
 	if (VARSIZE_ANY_EXHDR(data) < min_expected_size)
 		elog(ERROR, "invalid dependencies size %zu (expected at least %zu)",
-- 
2.34.1

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: Fix incorrect size check in statext_dependencies_deserialize
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox