Thread: BUG #18853: integer may overflow in array_user_functions

The following bug has been logged on the website:

Bug reference:      18853
Logged by:          ma liangzhu
Email address:      ma100@hotmail.com
PostgreSQL version: 17.0
Operating system:   centos
Description:

I noticed that in the array_userfunc.c file, there are many calculations
involving int32 without overflow checks. 

For example: 

int reqsize = state1->nbytes + state2->nbytes; 

This could potentially cause overflow, leading to issues.

PG Bug reporting form <noreply@postgresql.org> writes:
> I noticed that in the array_userfunc.c file, there are many calculations
> involving int32 without overflow checks. 

> For example: 
> int reqsize = state1->nbytes + state2->nbytes; 

This particular example is expected not to overflow because Datum
sizes are restricted to be < 1GB.  There may indeed be live overflow
hazards in array_userfunc.c (or elsewhere), but you will need a
considerably more sophisticated analysis to demonstrate it.

            regards, tom lane