Andreas Seltenreich wrote: > Tom Lane <tgl@sss.pgh.pa.us> writes: > > > Andreas Seltenreich <andreas.seltenreich@credativ.de> writes: > >> The scary one is due to an integer overflow the attached patch also > >> fixes. > > > > s/int/Size/ doesn't fix anything on 32-bit machines. > > Well, it changes the signedness of the computation on 32-bit, and in > combination with the fact that "len" is always smaller than 2^32, but > may exceed 2^31-1, the change avoids the dependency on the undefined > behavior of signed integer overflows in C on 32-bit as well.
Why not just use an unsigned 64 bit variable? Also, perhaps palloc_huge() avoids the whole problem in the first place ... though it might only move the issue around, if you cannot ship the longer-than-1GB resulting escaped value. (Of course, if you try to allocate 2 GB in a 32 bit machine, you're going to be having quite some fun ...)
Pure nitpicking: there is no palloc_huge, only repalloc_huge. Though we could have one. --
