I took a look at 0003.
+ /* dim[i] = 1 + upperIndx[i] - lowerIndx[i]; */
+ if (pg_add_s32_overflow(1, upperIndx[i], &dim[i]))
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("array upper bound is too large: %d",
+ upperIndx[i])));
+ if (pg_sub_s32_overflow(dim[i], lowerIndx[i], &dim[i]))
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("array size exceeds the maximum allowed (%d)",
+ (int) MaxArraySize)));
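Review bot: the second ereport pairs an int32-overflow check on dim[i] - lowerIndx[i] with a message that names MaxArraySize ("array size exceeds the maximum allowed (%d)"), but that check enforces the int32 range, not MaxArraySize, and it also fires when the result underflows toward PG_INT32_MIN (a negative size), so the message can describe a limit the code never compared against. Consider reporting the offending bounds themselves instead, along the lines of the first message ("array upper bound is too large: %d"). Separately, checking the two operations one at a time rejects bound pairs whose final dim[i] fits in int32 when only the intermediate 1 + upperIndx[i] overflows (for example lowerIndx[i] = 1 with upperIndx[i] = PG_INT32_MAX, where dim[i] is exactly PG_INT32_MAX); computing in int64 and range-checking once avoids that.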
I think the problem with fixing it this way is that it prohibits more than
is necessary. For example, doing the subtraction first might prevent the
addition from overflowing, and doing the addition first can prevent the
subtraction from overflowing. Granted, this is probably not really worth
worrying about too much, but we're already dealing with "absurd slice
ranges," so we might as well set an example for elsewhere.
An easy way to deal with this problem is to first perform the calculation
with everything cast to an int64. Before setting dim[i], you'd check that
the result is in [PG_INT32_MIN, PG_INT32_MAX] and fail if needed.
int64 newdim;
...
/* do the arithmetic in int64 so no intermediate step can overflow,
 * then reject any final value that does not fit in int32 */
newdim = (int64) 1 + (int64) upperIndx[i] - (int64) lowerIndx[i];
if (unlikely(newdim < PG_INT32_MIN || newdim > PG_INT32_MAX))
    ereport(ERROR,
            ...
dim[i] = (int32) newdim;
--
nathan
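As an added example, not code from the patch or from PostgreSQL, the program below puts the two-step check from the quoted hunk beside the widened int64 check suggested above and runs both over a few constructed bound pairs. The int32/int64 typedefs, PG_INT32_MIN/PG_INT32_MAX, and the add_s32_overflow/sub_s32_overflow helpers are local stand-ins written for this example (the real pg_add_s32_overflow/pg_sub_s32_overflow live in the server headers); dim_two_step, dim_widened, the DIM_* result codes and dim_out are names made up here.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for PostgreSQL's types and limits (assumed; not the
 * server's headers). */
typedef int32_t int32;
typedef int64_t int64;
#define PG_INT32_MIN INT32_MIN
#define PG_INT32_MAX INT32_MAX

/* Result codes for the two dimension calculations (local convention). */
enum { DIM_OK = 0, DIM_ADD_OVERFLOW, DIM_SUB_OVERFLOW, DIM_RANGE_OVERFLOW };

/*
 * Stand-ins for pg_add_s32_overflow/pg_sub_s32_overflow with the same
 * contract (true on overflow, result stored only when it fits), written
 * by widening so the example does not depend on compiler builtins.
 */
static bool add_s32_overflow(int32 a, int32 b, int32 *result)
{
    int64 r = (int64) a + (int64) b;
    if (r < PG_INT32_MIN || r > PG_INT32_MAX)
        return true;
    *result = (int32) r;
    return false;
}

static bool sub_s32_overflow(int32 a, int32 b, int32 *result)
{
    int64 r = (int64) a - (int64) b;
    if (r < PG_INT32_MIN || r > PG_INT32_MAX)
        return true;
    *result = (int32) r;
    return false;
}

/* The hunk's approach: check 1 + upper, then check (1 + upper) - lower. */
static int dim_two_step(int32 lower, int32 upper, int32 *dim)
{
    int32 d;
    if (add_s32_overflow(1, upper, &d))
        return DIM_ADD_OVERFLOW;
    if (sub_s32_overflow(d, lower, &d))
        return DIM_SUB_OVERFLOW;
    *dim = d;
    return DIM_OK;
}

/* The suggested approach: compute in int64, range-check the final value once. */
static int dim_widened(int32 lower, int32 upper, int32 *dim)
{
    int64 newdim = (int64) 1 + (int64) upper - (int64) lower;
    if (newdim < PG_INT32_MIN || newdim > PG_INT32_MAX)
        return DIM_RANGE_OVERFLOW;
    *dim = (int32) newdim;
    return DIM_OK;
}

/* Output slot so callers can read the computed dimension. */
int32 dim_out;

int main(void)
{
    /* Constructed bound pairs chosen to exercise each branch. */
    struct { int32 lower, upper; const char *note; } cases[] = {
        {1, 10, "ordinary slice"},
        {1, PG_INT32_MAX, "final dim fits, but 1 + upper overflows on its own"},
        {PG_INT32_MAX, -2, "adding 1 first keeps the subtraction in range"},
        {PG_INT32_MIN, PG_INT32_MAX, "genuinely too large for int32"},
        {PG_INT32_MAX, -3, "underflows toward PG_INT32_MIN"},
    };
    static const char *names[] =
        {"ok", "add overflow", "sub overflow", "out of int32 range"};

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
    {
        int32 d1 = 0, d2 = 0;
        int r1 = dim_two_step(cases[i].lower, cases[i].upper, &d1);
        int r2 = dim_widened(cases[i].lower, cases[i].upper, &d2);

        printf("[%" PRId32 ", %" PRId32 "] %s\n", cases[i].lower,
               cases[i].upper, cases[i].note);
        printf("  two-step: %s (dim %" PRId32 ")\n", names[r1], d1);
        printf("  widened:  %s (dim %" PRId32 ")\n", names[r2], d2);
    }
    return 0;
}
```

The second case is the one the discussion above is about: the widened check accepts lower 1, upper PG_INT32_MAX with dim exactly PG_INT32_MAX, while the two-step check rejects it because the intermediate 1 + upper does not fit. Note that neither check says anything about negative or otherwise absurd sizes (the third case yields PG_INT32_MIN and passes both); that is a separate validation.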