public inbox for [email protected]
help / color / mirror / Atom feedFrom: Nathan Bossart <[email protected]>
To: Joseph Koshakow <[email protected]>
Cc: jian he <[email protected]>
Cc: Alexander Lakhin <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: Andres Freund <[email protected]>
Subject: Re: Remove dependence on integer wrapping
Date: Mon, 22 Jul 2024 10:17:55 -0500
Message-ID: <Zp54I4WMbWW6AQnP@nathan> (raw)
In-Reply-To: <CAAvxfHfdPgtqFqsb=Nxa1oc6GsQ_U+k3rfneo-EjYG4bne_ksw@mail.gmail.com>
References: <CAAvxfHdX-t03LvxROxbyodBrtzBzZQEKdKB0FCpEr+p1JnFxsA@mail.gmail.com>
<ZpVAvLbtUPnK1JKe@nathan>
<CAAvxfHdYnTB7BjkRSPO8__wxB3880TiYD-TVU2uW8q1KbzymPg@mail.gmail.com>
<Zpa0m_OVw_iWYicV@nathan>
<CAAvxfHeFDyNZj+rjcuMkh+VTSYmhb_ZPpbdqZUJcjnT=X3ampA@mail.gmail.com>
<CACJufxFkTACY6MprpewMncdOpL9dpZBcAGtc6WLfnScLknS3DA@mail.gmail.com>
<CAAvxfHfeUmVMXU6883in2H-jJ+Vn2=mcSgVpsNDRTTK=OYDjoA@mail.gmail.com>
<ZpqesU46GIKUvtmS@nathan>
<Zpq0XUQ9neudWYgC@nathan>
<CAAvxfHfdPgtqFqsb=Nxa1oc6GsQ_U+k3rfneo-EjYG4bne_ksw@mail.gmail.com>
On Fri, Jul 19, 2024 at 07:32:18PM -0400, Joseph Koshakow wrote:
> On Fri, Jul 19, 2024 at 2:45 PM Nathan Bossart <[email protected]>
> wrote:
>> + /* dim[i] = 1 + upperIndx[i] - lowerIndx[i]; */
>> + if (pg_add_s32_overflow(1, upperIndx[i], &dim[i]))
>> + ereport(ERROR,
>> + (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
>> + errmsg("array upper bound is too large: %d",
>> + upperIndx[i])));
>> + if (pg_sub_s32_overflow(dim[i], lowerIndx[i], &dim[i]))
>> + ereport(ERROR,
>> + (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
>> + errmsg("array size exceeds the maximum allowed
> (%d)",
>> + (int) MaxArraySize)));
>>
>> I think the problem with fixing it this way is that it prohibits more than
>> is necessary.
>
> My understanding is that 2147483647 (INT32_MAX) is not a valid upper
> bound, which is what the first overflow check is checking. Any query of
> the form
> `INSERT INTO arroverflowtest(i[<lb>:2147483647]) VALUES ('{...}');`
> will fail with an error of
> `ERROR: array lower bound is too large: <lb>`
>
> The reason is the following bounds check found in arrayutils.c
>
> /*
> * Verify sanity of proposed lower-bound values for an array
> *
> * The lower-bound values must not be so large as to cause overflow when
> * calculating subscripts, e.g. lower bound 2147483640 with length 10
> * must be disallowed. We actually insist that dims[i] + lb[i] be
> * computable without overflow, meaning that an array with last
> subscript
> * equal to INT_MAX will be disallowed.
I see. I'm still not sure that this is the right place to enforce this
check, especially given we explicitly check the bounds later on in
construct_md_array(). Am I understanding correctly that the main
behavioral difference between these two approaches is that users will see
different error messages?
--
nathan
view thread (17+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Remove dependence on integer wrapping
In-Reply-To: <Zp54I4WMbWW6AQnP@nathan>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox