From 80d5d4937c168af46c976feebe24765ad76eb540 Mon Sep 17 00:00:00 2001 From: Masahiko Sawada Date: Mon, 25 Mar 2024 12:06:41 +0900 Subject: [PATCH] Fix potential integer handling issue in radixtree.h. Coverity complained about the integer handling issue; if we start with an arbitrary non-negative shift value, the loop may decrement it down to something less than zero before exiting. This commit adds an assertion to make sure the 'shift' is always 0 after the loop, and uses 0 as the shift to get the key chunk in the following operation. Introduced by ee1b30f12. Reported-by: Tom Lane as per coverity Reviewed-by: Tom Lane Discussion: https://postgr.es/m/2089517.1711299216%40sss.pgh.pa.us
---
 src/include/lib/radixtree.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/include/lib/radixtree.h b/src/include/lib/radixtree.h
index b8ad51c14d..5fe89134a5 100644
--- a/src/include/lib/radixtree.h
+++ b/src/include/lib/radixtree.h
@@ -1615,10 +1615,11 @@ RT_EXTEND_DOWN(RT_RADIX_TREE * tree, RT_PTR_ALLOC * parent_slot, uint64 key, int
 node = child;
 shift -= RT_SPAN;
 }
+ Assert(shift == 0);
 /* Reserve slot for the value. */
 n4 = (RT_NODE_4 *) node.local;
- n4->chunks[0] = RT_GET_KEY_CHUNK(key, shift);
+ n4->chunks[0] = RT_GET_KEY_CHUNK(key, 0);
 n4->base.count = 1;
 return &n4->children[0];
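Review bot: The new `Assert(shift == 0)` checks the invariant only in assert-enabled builds and only after the loop has already consumed `shift`, and nothing in the hunk states the precondition that makes it hold. Going by the commit message, the loop can step below zero when the starting value is arbitrary, so the real requirement appears to be that callers pass a non-negative multiple of `RT_SPAN`. I would assert that at the top of RT_EXTEND_DOWN, e.g. `Assert(shift >= 0 && shift % RT_SPAN == 0);`, so a bad caller is caught before any shift-dependent work inside the loop. A short comment above the post-loop assertion would also help, such as `/* shift must have been a multiple of RT_SPAN on entry */`. The function signature and the loop header are outside this hunk, so the loop condition should be checked before adopting this wording.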