pgcrypto bundles a copy of the imath library for arbitrary-precision integer
arithmetic in non-SSL builds. Upstream fixed buffer overflows through the
years, and commit 8b59672 brought those fixes into PostgreSQL. In master, I
would like to fully resynchronize with fresh imath 1.29. We're better off
naively tracking upstream than reactively maintaining a twelve-year-old
snapshot of upstream.

imath1.29-raw-sync-v1.patch is the result of copying new imath.c and imath.h
into place, removing "#ifdef __cplusplus" blocks that upset pgindent, running
pgindent, and filtering through "unexpand -t4 --first-only".

imath1.29-pgedits-v1.patch then restores PostgreSQL-specific changes. I would
squash these together for eventual commit, since the intermediate state is
broken, but it should ease review to see them separately. I did not keep the
INVERT_COMPARE_RESULT() change from c87cb5f; the domain of the comparisons in
question is {-1,0,1}, controlled entirely by code in imath.c.

Upstream has fixed bugs over the years, but I am not specifically aware of any
represented fix here that affects pgcrypto. Most suspicious to me are the
division fixes, which could affect our pgp_elgamal_{en,de}crypt(). You can
examine https://github.com/creachadair/imath/blob/master/ChangeLog for all
changes between imath-1.3 and imath-1.29.

Like PostgreSQL, imath now assumes C99. Unlike PostgreSQL, it has adopted
mixed declarations and code; our -Wdeclaration-after-statement would add
sixty-two warnings. If the compiler supports -Wdeclaration-after-statement, I
add -Wno-declaration-after-statement for imath.c.

Thanks,
nm