BUG #18853: integer may overflow in array_user_functions

Started by PG Bug reporting form, about 1 year ago, 2 messages, list: bugs

#1 PG Bug reporting form
noreply@postgresql.org

The following bug has been logged on the website:

Bug reference: 18853
Logged by: ma liangzhu
Email address: ma100@hotmail.com
PostgreSQL version: 17.0
Operating system: centos
Description:

I noticed that in the array_userfunc.c file, there are many calculations
involving int32 without overflow checks.

For example:

int reqsize = state1->nbytes + state2->nbytes;

This could potentially cause overflow, leading to issues.

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: PG Bug reporting form (#1)
Re: BUG #18853: integer may overflow in array_user_functions

PG Bug reporting form <noreply@postgresql.org> writes:

> I noticed that in the array_userfunc.c file, there are many calculations
> involving int32 without overflow checks.
>
> For example:
> int reqsize = state1->nbytes + state2->nbytes;

This particular example is expected not to overflow because Datum
sizes are restricted to be < 1GB. There may indeed be live overflow
hazards in array_userfunc.c (or elsewhere), but you will need a
considerably more sophisticated analysis to demonstrate it.

regards, tom lane
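The exchange above turns on two points: a plain int32 addition like `state1->nbytes + state2->nbytes` can overflow in general, but it cannot when both operands are bounded by the Datum size limit. The following is an added example, not code from the thread or from PostgreSQL, that makes both points concrete: an overflow-checked int32 add in the style of PostgreSQL's `pg_add_s32_overflow()` (from src/include/common/int.h; the implementation here is my own), a `compute_reqsize()` that applies the Datum bound before adding, and a function that checks arithmetically that two values at the bound still fit in int32. The bound value 0x3fffffff (PostgreSQL's MaxAllocSize, i.e. 1 GB minus one byte) is hardcoded here as an assumption rather than taken from a header.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound on a single Datum's size: PostgreSQL's MaxAllocSize
 * (0x3fffffff, just under 1 GB). The thread states sizes are < 1 GB. */
#define DATUM_SIZE_LIMIT ((int32_t) 0x3fffffff)

/* Overflow-checked int32 addition, same contract as pg_add_s32_overflow():
 * returns true on overflow (and leaves *result unspecified), false on success
 * with the sum stored in *result. Own implementation, not PostgreSQL's. */
static bool add_s32_overflow(int32_t a, int32_t b, int32_t *result)
{
#if defined(__GNUC__) || defined(__clang__)
    return __builtin_add_overflow(a, b, result);
#else
    /* Portable fallback: widen to int64 so the addition itself cannot overflow,
     * then range-check before narrowing. */
    int64_t sum = (int64_t) a + (int64_t) b;
    if (sum > INT32_MAX || sum < INT32_MIN)
        return true;
    *result = (int32_t) sum;
    return false;
#endif
}

/* Defensive version of the reqsize computation from the report: reject any
 * size outside [0, DATUM_SIZE_LIMIT] and use the checked add. Returns the sum,
 * or -1 if an input is out of range or the addition would overflow. */
static int32_t compute_reqsize(int32_t nbytes1, int32_t nbytes2)
{
    int32_t reqsize;

    if (nbytes1 < 0 || nbytes1 > DATUM_SIZE_LIMIT ||
        nbytes2 < 0 || nbytes2 > DATUM_SIZE_LIMIT)
        return -1;              /* not a valid Datum size */
    if (add_s32_overflow(nbytes1, nbytes2, &reqsize))
        return -1;              /* unreachable given the bound, kept as belt and braces */
    return reqsize;
}

/* The reasoning behind the reply: with both operands <= DATUM_SIZE_LIMIT,
 * the largest possible sum is 2 * 0x3fffffff = 0x7ffffffe, which is below
 * INT32_MAX (0x7fffffff). Evaluated in int64 so the check itself is exact. */
static bool max_bounded_sum_fits_int32(void)
{
    int64_t worst_case = 2 * (int64_t) DATUM_SIZE_LIMIT;
    return worst_case <= (int64_t) INT32_MAX;
}

int main(void)
{
    int32_t r;

    printf("bounded worst case fits int32: %s\n",
           max_bounded_sum_fits_int32() ? "yes" : "no");
    printf("reqsize(limit, limit) = %d\n",
           compute_reqsize(DATUM_SIZE_LIMIT, DATUM_SIZE_LIMIT));
    printf("reqsize(INT32_MAX, 1) = %d (rejected as out of range)\n",
           compute_reqsize(INT32_MAX, 1));
    printf("unbounded add INT32_MAX + 1 overflows: %s\n",
           add_s32_overflow(INT32_MAX, 1, &r) ? "yes" : "no");
    return 0;
}
```

The point for anyone auditing similar code: an overflow claim needs the operand ranges, not just the operator. Where a bound like MaxAllocSize is enforced upstream (palloc rejects larger requests), the addition is safe by construction; where no such bound exists, the checked helper is the right tool, and it is cheap enough to use even when the bound is believed to hold.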