From 558cf803876874c55d637a1e87417fa1c670efe1 Mon Sep 17 00:00:00 2001
From: Andres Freund
Date: Thu, 30 Mar 2023 09:50:18 -0700
Subject: [PATCH] bufmgr: Fix undefined behaviour with, unrealistically, large temp_buffers
Quoting Melanie:
> Since if buffer is INT_MAX, then the -(buffer + 1) version invokes
> undefined behavior while the -buffer - 1 version doesn't.
All other places were already using the correct version. I (Andres), copied the code into more places in a patch. Melanie caught it in review, but to prevent more people from copying the bad code, fix it. Even if it is a theoretical issue. We really ought to wrap these accesses in a helper function... As this is a theoretical issue, don't backpatch.
Reported-by: Melanie Plageman
Discussion: https://postgr.es/m/CAAKRu_aW2SX_LWtwHgfnqYpBrunMLfE9PD6-ioPpkh92XH0qpg@mail.gmail.com
---
 src/backend/storage/buffer/localbuf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/backend/storage/buffer/localbuf.c b/src/backend/storage/buffer/localbuf.c
index 5325ddb663..68b4817c67 100644
--- a/src/backend/storage/buffer/localbuf.c
+++ b/src/backend/storage/buffer/localbuf.c
@@ -305,7 +305,7 @@ MarkLocalBufferDirty(Buffer buffer)
 fprintf(stderr, "LB DIRTY %d\n", buffer);
 #endif
- bufid = -(buffer + 1);
+ bufid = -buffer - 1;
 Assert(LocalRefCount[bufid] > 0);
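Review bot: The new line `bufid = -buffer - 1;` moves the overflow edge rather than removing it: negating `buffer` is itself undefined when `buffer` is INT_MIN, the mirror of the INT_MAX case quoted in the message (assuming `Buffer` is a signed int, as the `%d` in the debug print suggests). Which edge matters depends on the valid range of `buffer` at this point, and the hunk shows no range check between the debug print and the conversion; the only visible guard on the resulting index is `Assert(LocalRefCount[bufid] > 0)`, which reads the array with `bufid` before anything has validated it. If it is not already present above the hunk, I would put `Assert(BufferIsLocal(buffer));` ahead of the conversion and add a comment on the changed line such as `/* buffer is negative here; -buffer - 1 maps it to a 0-based index and must not be rewritten as -(buffer + 1) */`, so the reason for this exact form travels with the code rather than only with the commit message. The body of MarkLocalBufferDirty starts and ends outside the hunk, so the range assumption should be confirmed against the full function.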