Varik Matevosyan <varikmatevosyan@gmail.com> writes:
> Small robustness fix for contrib/xml2/parse_params. The doubling
> of max_params relies on signed-integer overflow wrapping to a value
> that AllocSizeIsValid then rejects, which is both UB and incidental
> safety.
There are many many places in our tree that handle that the same way.
The argument that it's UB is nonsense, because AllocSizeIsValid
rejects values >= 1G, so that it will fail on the iteration before
the integer counter can overflow. (This is indeed exactly why that
limit is 1G and not 2G; see the comment for MaxAllocSize.)
I think this proposal makes parse_params less like other code,
not more so, so I don't think we need extra code here.
regards, tom lane