Fix overflow danger in SampleHeapTupleVisible()
author Melanie Plageman <melanieplageman@gmail.com>
Wed, 18 Dec 2024 23:16:43 +0000 (18:16 -0500)
committer Melanie Plageman <melanieplageman@gmail.com>
Wed, 18 Dec 2024 23:16:43 +0000 (18:16 -0500)
68d9662be1c4b70 made HeapScanDesc->rs_ntuples unsigned but neglected to
change how it was being used in SampleHeapTupleVisible().

Return early if rs_ntuples is 0 to avoid overflowing and incorrectly
executing the loop code in SampleHeapTupleVisible().

Reported-by: Ranier Vilela
Discussion: https://postgr.es/m/CAEudQAot_xQoZyPZjpj1aBUPrPykY5mOPHGyvfe%3Djz%2BWowdA3A%40mail.gmail.com

src/backend/access/heap/heapam_handler.c

index d0e5922eed78acacd93628c9d37c1802f6d53927..689773ff2397a615597bc5c2b95877d64ecc0378 100644 (file)
@@ -2577,6 +2577,12 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
 
        if (scan->rs_flags & SO_ALLOW_PAGEMODE)
        {
+               uint32          start,
+                                       end;
+
+               if (hscan->rs_ntuples == 0)
+                       return false;
+
                /*
                 * In pageatatime mode, heap_prepare_pagescan() already did visibility
                 * checks, so just look at the info it left in rs_vistuples[].
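Review bot: The new `if (hscan->rs_ntuples == 0) return false;` guard sits above the existing comment block with no explanation of its own, so a later reader has no hint that it exists to keep `hscan->rs_ntuples - 1` from wrapping now that the field is unsigned. A one-line comment on the check saying so would stop it from being removed as a redundant fast path. Placing the check next to the `end = hscan->rs_ntuples - 1` assignment it protects, rather than ahead of the comment, would also keep the two together if the block is reshuffled.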
@@ -2586,12 +2592,12 @@ SampleHeapTupleVisible(TableScanDesc scan, Buffer buffer,
                 * in increasing order, but it's not clear that there would be enough
                 * gain to justify the restriction.
                 */
-               int                     start = 0,
-                                       end = hscan->rs_ntuples - 1;
+               start = 0;
+               end = hscan->rs_ntuples - 1;
 
                while (start <= end)
                {
-                       int                     mid = (start + end) / 2;
+                       uint32          mid = (start + end) / 2;
                        OffsetNumber curoffset = hscan->rs_vistuples[mid];
 
                        if (tupoffset == curoffset)
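Review bot: Making `start`, `end` and `mid` all `uint32` leaves `while (start <= end)` without a safe exit on the low side: the rest of the loop body is not visible here, but if it narrows the range with `end = mid - 1`, then a probe at `mid == 0` wraps `end` to the maximum `uint32` value, the condition stays true, and the next `hscan->rs_vistuples[mid]` read lands far outside the array. The early return only covers the initial `rs_ntuples - 1`, not this in-loop case, which is reachable whenever `tupoffset` is smaller than the first visible offset. Either keep the indices signed and cast the unsigned count once at initialization, or switch to a half-open range (`end = hscan->rs_ntuples`, `while (start < end)`, `end = mid`) so no index is ever decremented below zero.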