PG Bug reporting form <noreply@postgresql.org> writes:
> I noticed that in the array_userfunc.c file, there are many calculations
> involving int32 without overflow checks.
> For example:
> int reqsize = state1->nbytes + state2->nbytes;
This particular example is expected not to overflow because Datum
sizes are restricted to be < 1GB. There may indeed be live overflow
hazards in array_userfunc.c (or elsewhere), but you will need a
considerably more sophisticated analysis to demonstrate it.
regards, tom lane