Re: BUG #18853: integer may overflow in array_user_functions
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: ma100@hotmail.com
Cc: pgsql-bugs@lists.postgresql.org
Date: 2025-03-18T13:58:05Z
Lists: pgsql-bugs
PG Bug reporting form <noreply@postgresql.org> writes: > I noticed that in the array_userfunc.c file, there are many calculations > involving int32 without overflow checks. > For example: > int reqsize = state1->nbytes + state2->nbytes; This particular example is expected not to overflow because Datum sizes are restricted to be < 1GB. There may indeed be live overflow hazards in array_userfunc.c (or elsewhere), but you will need a considerably more sophisticated analysis to demonstrate it. regards, tom lane