It's at least theoretically possible to overflow int32 when adding up
column width estimates to make a row width estimate. (The bug example
isn't terribly convincing as a real use-case, but perhaps wide joins
would provide a more plausible route to trouble.) This'd lead to
assertion failures or silly planner behavior. To forestall it, make
the relevant functions compute their running sums in int64 arithmetic
and then clamp to int32 range at the end. We can reasonably assume
that MaxAllocSize is a hard limit on actual tuple width, so clamping
to that is simply a correction for dubious input values, and there's
no need to go as far as widening width variables to int64 everywhere.
Per bug #18247 from RekGRpth. There've been no reports of this issue
arising in practical cases, so I feel no need to back-patch.
Richard Guo and Tom Lane
Discussion: https://postgr.es/m/18247-
11ac477f02954422@postgresql.org
return nrows;
}
+/*
+ * clamp_width_est
+ * Force a tuple-width estimate to a sane value.
+ *
+ * The planner represents datatype width and tuple width estimates as int32.
+ * When summing column width estimates to create a tuple width estimate,
+ * it's possible to reach integer overflow in edge cases. To ensure sane
+ * behavior, we form such sums in int64 arithmetic and then apply this routine
+ * to clamp to int32 range.
+ */
+int32
+clamp_width_est(int64 tuple_width)
+{
+ /*
+ * Anything more than MaxAllocSize is clearly bogus, since we could not
+ * create a tuple that large.
+ */
+ if (tuple_width > MaxAllocSize)
+ return (int32) MaxAllocSize;
+
+ /*
+ * Unlike clamp_row_est, we just Assert that the value isn't negative,
+ * rather than masking such errors.
+ */
+ Assert(tuple_width >= 0);
+
+ return (int32) tuple_width;
+}
+
/*
* clamp_cardinality_to_long
* Cast a Cardinality value to a sane long value.
set_rel_width(PlannerInfo *root, RelOptInfo *rel)
{
Oid reloid = planner_rt_fetch(rel->relid, root)->relid;
- int32 tuple_width = 0;
+ int64 tuple_width = 0;
bool have_wholerow_var = false;
ListCell *lc;
*/
if (have_wholerow_var)
{
- int32 wholerow_width = MAXALIGN(SizeofHeapTupleHeader);
+ int64 wholerow_width = MAXALIGN(SizeofHeapTupleHeader);
if (reloid != InvalidOid)
{
wholerow_width += rel->attr_widths[i - rel->min_attr];
}
- rel->attr_widths[0 - rel->min_attr] = wholerow_width;
+ rel->attr_widths[0 - rel->min_attr] = clamp_width_est(wholerow_width);
/*
* Include the whole-row Var as part of the output tuple. Yes, that
tuple_width += wholerow_width;
}
- Assert(tuple_width >= 0);
- rel->reltarget->width = tuple_width;
+ rel->reltarget->width = clamp_width_est(tuple_width);
}
/*
PathTarget *
set_pathtarget_cost_width(PlannerInfo *root, PathTarget *target)
{
- int32 tuple_width = 0;
+ int64 tuple_width = 0;
ListCell *lc;
/* Vars are assumed to have cost zero, but other exprs do not */
}
}
- Assert(tuple_width >= 0);
- target->width = tuple_width;
+ target->width = clamp_width_est(tuple_width);
return target;
}
* Note: a WindowFunc adds nothing to the target's eval costs; but
* we do need to account for the increase in tlist width.
*/
+ int64 tuple_width = window_target->width;
ListCell *lc2;
window_target = copy_pathtarget(window_target);
WindowFunc *wfunc = lfirst_node(WindowFunc, lc2);
add_column_to_pathtarget(window_target, (Expr *) wfunc, 0);
- window_target->width += get_typavgwidth(wfunc->wintype, -1);
+ tuple_width += get_typavgwidth(wfunc->wintype, -1);
}
+ window_target->width = clamp_width_est(tuple_width);
}
else
{
SpecialJoinInfo *sjinfo)
{
Relids relids = joinrel->relids;
+ int64 tuple_width = joinrel->reltarget->width;
ListCell *lc;
foreach(lc, root->placeholder_list)
cost_qual_eval_node(&cost, (Node *) phv->phexpr, root);
joinrel->reltarget->cost.startup += cost.startup;
joinrel->reltarget->cost.per_tuple += cost.per_tuple;
- joinrel->reltarget->width += phinfo->ph_width;
+ tuple_width += phinfo->ph_width;
}
}
phinfo->ph_lateral);
}
}
+
+ joinrel->reltarget->width = clamp_width_est(tuple_width);
}
/*
int32
get_rel_data_width(Relation rel, int32 *attr_widths)
{
- int32 tuple_width = 0;
+ int64 tuple_width = 0;
int i;
for (i = 1; i <= RelationGetNumberOfAttributes(rel); i++)
tuple_width += item_width;
}
- return tuple_width;
+ return clamp_width_est(tuple_width);
}
/*
#include "optimizer/clauses.h"
#include "optimizer/cost.h"
#include "optimizer/inherit.h"
+#include "optimizer/optimizer.h"
#include "optimizer/pathnode.h"
#include "optimizer/paths.h"
#include "optimizer/placeholder.h"
bool can_null)
{
Relids relids = joinrel->relids;
+ int64 tuple_width = joinrel->reltarget->width;
ListCell *vars;
ListCell *lc;
joinrel->reltarget->exprs = lappend(joinrel->reltarget->exprs,
phv);
/* Bubbling up the precomputed result has cost zero */
- joinrel->reltarget->width += phinfo->ph_width;
+ tuple_width += phinfo->ph_width;
}
continue;
}
list_nth(root->row_identity_vars, var->varattno - 1);
/* Update reltarget width estimate from RowIdentityVarInfo */
- joinrel->reltarget->width += ridinfo->rowidwidth;
+ tuple_width += ridinfo->rowidwidth;
}
else
{
continue; /* nope, skip it */
/* Update reltarget width estimate from baserel's attr_widths */
- joinrel->reltarget->width += baserel->attr_widths[ndx];
+ tuple_width += baserel->attr_widths[ndx];
}
/*
/* Vars have cost zero, so no need to adjust reltarget->cost */
}
+
+ joinrel->reltarget->width = clamp_width_est(tuple_width);
}
/*
extern PGDLLIMPORT int effective_cache_size;
extern double clamp_row_est(double nrows);
+extern int32 clamp_width_est(int64 tuple_width);
extern long clamp_cardinality_to_long(Cardinality x);
/* in path/indxpath.c: */
projects / postgresql.git / commitdiff