author | Tom Lane <tgl@sss.pgh.pa.us> | 2025-10-19 18:28:46 -0400
---|---|---
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2025-10-19 18:28:46 -0400
commit | 92cf557ffae436235cfa3bbba1265b5807a68ef2 |
tree | a81ff55a779bb81141a0b15feeff692179b9a0cb |
parent | 277dec6514728e2d0d87c1279dd5e0afbf897428 |
Add static assertion that RELSEG_SIZE fits in an int.

Our configure script intended to ensure this, but it supposed that
expr(1) would report an error for integer overflow. Maybe that
was true when the code was written (commit 3c6248a82 of 2008-05-02),
but all the modern expr's I tried will deliver bigger-than-int32
results without complaint. Moreover, if you use --with-segsize-blocks
then there's no check at all.

Ideally we'd add a test in configure itself to check that the value
fits in int, but to do that we'd need to suppose that test(1) handles
bigger-than-int32 numbers correctly. Probably modern ones do, but
that's an assumption I could do without; and I'm not too trusting
about meson either. Instead, let's install a static assertion, so
that even people who ignore all the compiler warnings you get from
such values will be forced to confront the fact that it won't work.

This has been hazardous for a while, but given that we hadn't heard
a complaint about it till now, I don't feel a need to back-patch.

Reported-by: Casey Shobe <casey.allen.shobe@icloud.com>
Author: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/C5DC82D6-C76D-4E8F-BC2E-DF03EFC4FA24@icloud.com
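The commit message above argues for a compile-time assertion because the configure-time tools (expr(1), test(1)) cannot be relied on to detect overflow. The C below is an added example and not PostgreSQL's code: it mirrors the patch's assertion against hypothetical stand-in macros (SEGSIZE_BLOCKS, BLOCK_SIZE) and adds a run-time validator of the kind a build script could call on a parsed --with-segsize-blocks value. The validator's off_t bound on blocks times block size goes beyond what the patch checks and is an assumption added here.

```c
/*
 * Added example, not PostgreSQL code.  SEGSIZE_BLOCKS and BLOCK_SIZE are
 * hypothetical stand-ins for the build-time RELSEG_SIZE and BLCKSZ macros.
 * Build with e.g. -DSEGSIZE_BLOCKS=4294967296 to see the static assertion
 * fire at compile time instead of the value silently wrapping later.
 */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#ifndef SEGSIZE_BLOCKS
#define SEGSIZE_BLOCKS 131072       /* default: 1 GB of 8 kB blocks */
#endif
#ifndef BLOCK_SIZE
#define BLOCK_SIZE 8192
#endif

/*
 * Compile-time guard with the same shape as the patch's StaticAssertDecl.
 * Integer constant expressions are evaluated in intmax_t, so a literal that
 * is too large for int still compares correctly here rather than wrapping.
 */
_Static_assert(SEGSIZE_BLOCKS > 0 && SEGSIZE_BLOCKS <= INT_MAX,
               "SEGSIZE_BLOCKS must be a positive value that fits in an int");

enum segsize_status
{
    SEGSIZE_OK = 0,
    SEGSIZE_ZERO,               /* zero blocks or zero block size */
    SEGSIZE_EXCEEDS_INT,        /* cannot be held in an int (or an int GUC) */
    SEGSIZE_EXCEEDS_OFFT        /* blocks * block_size would overflow off_t */
};

/* Largest non-negative value an off_t can hold, computed without overflow. */
static uint64_t
offt_max_value(void)
{
    off_t half = ((off_t) 1 << (sizeof(off_t) * CHAR_BIT - 2)) - 1;

    return (uint64_t) half * 2 + 1;
}

/*
 * Run-time version of the same check for a value parsed from a configure
 * argument.  The off_t bound is an assumption added in this example (the
 * patch only asserts the int bound); it exists because segment offsets are
 * block number times block size.  Division keeps the check itself from
 * overflowing.
 */
enum segsize_status
validate_segsize(uint64_t blocks, uint64_t block_size)
{
    if (blocks == 0 || block_size == 0)
        return SEGSIZE_ZERO;
    if (blocks > (uint64_t) INT_MAX)
        return SEGSIZE_EXCEEDS_INT;
    if (blocks > offt_max_value() / block_size)
        return SEGSIZE_EXCEEDS_OFFT;
    return SEGSIZE_OK;
}

int
main(void)
{
    /* constructed inputs: the default, a zero, a value too big for int,
       and one whose byte size overflows off_t */
    uint64_t    samples[] = {SEGSIZE_BLOCKS, 0, 4294967296ULL, INT_MAX};
    uint64_t    sizes[] = {BLOCK_SIZE, BLOCK_SIZE, BLOCK_SIZE, (uint64_t) 1 << 40};
    const char *names[] = {"ok", "zero", "exceeds int", "exceeds off_t"};

    for (int i = 0; i < 4; i++)
        printf("%llu blocks of %llu bytes: %s\n",
               (unsigned long long) samples[i],
               (unsigned long long) sizes[i],
               names[validate_segsize(samples[i], sizes[i])]);
    return 0;
}
```

The compile-time assertion catches a bad literal at the one place every build passes through, the compiler, which is the point the commit message makes about not trusting expr(1) or test(1); the run-time function shows the same bounds applied to a value that is only known after parsing.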
-rw-r--r-- | src/backend/storage/smgr/md.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/backend/storage/smgr/md.c b/src/backend/storage/smgr/md.c index 2ccb0faceb5..235ba7e1914 100644 --- a/src/backend/storage/smgr/md.c +++ b/src/backend/storage/smgr/md.c @@ -21,6 +21,7 @@ */ #include "postgres.h" +#include <limits.h> #include <unistd.h> #include <fcntl.h> #include <sys/file.h> @@ -65,6 +66,15 @@ * out to an unlinked old copy of a segment file that will eventually * disappear. * + * RELSEG_SIZE must fit into BlockNumber; but since we expose its value + * as an integer GUC, it actually needs to fit in signed int. It's worth + * having a cross-check for this since configure's --with-segsize options + * could let people select insane values. + */ +StaticAssertDecl(RELSEG_SIZE > 0 && RELSEG_SIZE <= INT_MAX, + "RELSEG_SIZE must fit in an integer"); + +/* * File descriptors are stored in the per-fork md_seg_fds arrays inside * SMgrRelation. The length of these arrays is stored in md_num_open_segs. * Note that a fork's md_num_open_segs having a specific value does not |
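Review bot: in the second hunk the assertion's message does not match its condition: `RELSEG_SIZE > 0 && RELSEG_SIZE <= INT_MAX` also rejects zero and negative values, which --with-segsize-blocks could supply according to the commit message, yet the string only says "RELSEG_SIZE must fit in an integer". Suggest "RELSEG_SIZE must be a positive value that fits in an int" so the compile error names the actual failure. The preceding comment could also state in one clause that the int bound subsumes the BlockNumber bound it mentions first, which is why only INT_MAX is tested.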