Re: BUG #18853: integer may overflow in array_user_functions

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: ma100@hotmail.com
Cc: pgsql-bugs@lists.postgresql.org
Date: 2025-03-18T13:58:05Z
Lists: pgsql-bugs
PG Bug reporting form <noreply@postgresql.org> writes:
> I noticed that in the array_userfunc.c file, there are many calculations
> involving int32 without overflow checks. 

> For example: 
> int reqsize = state1->nbytes + state2->nbytes; 

This particular example is expected not to overflow because Datum
sizes are restricted to be < 1GB.  There may indeed be live overflow
hazards in array_userfunc.c (or elsewhere), but you will need a
considerably more sophisticated analysis to demonstrate it.

			regards, tom lane