Fix integer-overflow problem in intarray's g_int_decompress().

An array element equal to INT_MAX gave this code indigestion, causing an infinite loop that surely ended in SIGSEGV. We fixed some nearby problems awhile ago (cf 757c5182f) but missed this. Report and diagnosis by Alexander Lakhin (bug #18273); patch by me Discussion: https://postgr.es/m/18273-9a832d1da122600c@postgresql.org
2025-06-11 20:28:21 +03:00 · 2024-01-07 15:19:50 -05:00
parent 1a7c03e6fc
commit 940ab02b53
4 changed files with 27 additions and 22 deletions
--- a/contrib/intarray/sql/_int.sql
+++ b/contrib/intarray/sql/_int.sql
@ -194,9 +194,10 @@ DROP INDEX text_idx;
 -- core that would reach the same codepaths.
 CREATE TABLE more__int AS SELECT
   -- Leave alone NULLs, empty arrays and the one row that we use to test
-   -- equality
+   -- equality; also skip INT_MAX
   CASE WHEN a IS NULL OR a = '{}' OR a = '{73,23,20}' THEN a ELSE
-     (select array_agg(u) || array_agg(u + 1000) || array_agg(u + 2000) from (select unnest(a) u) x)
+     (select array_agg(u) || array_agg(u + 1000) || array_agg(u + 2000)
+      from unnest(a) u where u < 2000000000)
   END AS a, a as b
   FROM test__int;
 CREATE INDEX ON more__int using gist (a gist__int_ops(numranges = 252));