Thread
-
BUG #18853: integer may overflow in array_user_functions
PG Bug reporting form <noreply@postgresql.org> — 2025-03-18T08:02:46Z
The following bug has been logged on the website: Bug reference: 18853 Logged by: ma liangzhu Email address: ma100@hotmail.com PostgreSQL version: 17.0 Operating system: centos Description: I noticed that in the array_userfunc.c file, there are many calculations involving int32 without overflow checks. For example: int reqsize = state1->nbytes + state2->nbytes; This could potentially cause overflow, leading to issues.
-
Re: BUG #18853: integer may overflow in array_user_functions
Tom Lane <tgl@sss.pgh.pa.us> — 2025-03-18T13:58:05Z
PG Bug reporting form <noreply@postgresql.org> writes: > I noticed that in the array_userfunc.c file, there are many calculations > involving int32 without overflow checks. > For example: > int reqsize = state1->nbytes + state2->nbytes; This particular example is expected not to overflow because Datum sizes are restricted to be < 1GB. There may indeed be live overflow hazards in array_userfunc.c (or elsewhere), but you will need a considerably more sophisticated analysis to demonstrate it. regards, tom lane