[PATCH] contrib/xml2: guard against signed integer overflow in parse_params
Varik Matevosyan <varikmatevosyan@gmail.com>
From: Varik Matevosyan <varikmatevosyan@gmail.com>
To: pgsql-hackers@lists.postgresql.org
Date: 2026-05-04T11:26:50Z
Lists: pgsql-hackers
Attachments
- 0001-contrib-xml2-guard-against-signed-integer-overflow-i.patch (application/octet-stream) patch 0001
Hi, Small robustness fix for contrib/xml2/parse_params. The doubling of max_params relies on signed-integer overflow wrapping to a value that AllocSizeIsValid then rejects, which is both UB and incidental safety. The overflow is unreachable in current builds (text input is bounded by MaxAllocSize, which limits nparams below the doubling threshold), but the fix is small and matches the explicit overflow-checking idiom used elsewhere in the tree. Patch attached against current master. Regards, Varik