pgsql: Fix integer overflow in nodeWindowAgg.c
| From | Richard Guo |
|---|---|
| Subject | pgsql: Fix integer overflow in nodeWindowAgg.c |
| Date | |
| Msg-id | E1wAmlR-00087Y-20@gemulon.postgresql.org |
| List | pgsql-committers |

Fix integer overflow in nodeWindowAgg.c

In nodeWindowAgg.c, the calculations for frame start and end positions in ROWS and GROUPS modes were performed using simple integer addition. If a user-supplied offset was sufficiently large (close to INT64_MAX), adding it to the current row or group index could cause a signed integer overflow, wrapping the result to a negative number.

This led to incorrect behavior where frame boundaries that should have extended indefinitely (or beyond the partition end) were treated as falling at the first row, or where valid rows were incorrectly marked as out-of-frame. Depending on the specific query and data, these overflows can result in incorrect query results, execution errors, or assertion failures.

To fix, use overflow-aware integer addition (ie, pg_add_s64_overflow) to check for overflows during these additions. If an overflow is detected, the boundary is now clamped to INT64_MAX. This ensures the logic correctly treats the boundary as extending to the end of the partition.

Bug: #19405
Reported-by: Alexander Lakhin <exclusion@gmail.com>
Author: Richard Guo <guofenglinux@gmail.com>
Reviewed-by: Tender Wang <tndrwang@gmail.com>
Discussion: https://postgr.es/m/19405-1ecf025dda171555@postgresql.org
Backpatch-through: 14

Branch
------
REL_18_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/bfc7dff26d53ab42fe6cb6bc2243f5241a6df3e4

Modified Files
--------------
src/backend/executor/nodeWindowAgg.c | 62 +++++++++++++++++++++---
src/test/regress/expected/window.out | 91 ++++++++++++++++++++++++++++++++++++
src/test/regress/sql/window.sql | 26 +++++++++++
3 files changed, 172 insertions(+), 7 deletions(-)
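
The wraparound and the clamping fix described in the commit message, as an added example that is not the PostgreSQL source and not part of the original message. The function names are hypothetical, `__builtin_add_overflow` (GCC/Clang) stands in for `pg_add_s64_overflow`, and `row_in_frame` is a simplified model of a `ROWS BETWEEN CURRENT ROW AND offset FOLLOWING` frame test.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: stand-in for pg_add_s64_overflow(); returns true on overflow. */
static bool add_s64_overflow(int64_t a, int64_t b, int64_t *result)
{
    return __builtin_add_overflow(a, b, result);
}

/* "Before": plain addition. The wrap is emulated through uint64_t so this
 * demo does not itself rely on undefined signed-overflow behaviour. */
static int64_t frame_end_unchecked(int64_t currentpos, int64_t offset)
{
    return (int64_t) ((uint64_t) currentpos + (uint64_t) offset);
}

/* "After": overflow-aware addition, clamped to INT64_MAX so the boundary is
 * treated as extending to the end of the partition. */
static int64_t frame_end_clamped(int64_t currentpos, int64_t offset)
{
    int64_t pos;

    if (add_s64_overflow(currentpos, offset, &pos))
        pos = INT64_MAX;
    return pos;
}

/* Simplified check: is `row` between the current row and the frame end? */
static bool row_in_frame(int64_t row, int64_t currentpos, int64_t frame_end)
{
    return row >= currentpos && row <= frame_end;
}

int main(void)
{
    int64_t currentpos = 5;         /* constructed sample: current row index */
    int64_t offset = INT64_MAX;     /* constructed sample: huge FOLLOWING offset */
    int64_t bad = frame_end_unchecked(currentpos, offset);
    int64_t good = frame_end_clamped(currentpos, offset);

    printf("unchecked end=%lld, row 7 in frame: %d\n",
           (long long) bad, row_in_frame(7, currentpos, bad));
    printf("clamped   end=%lld, row 7 in frame: %d\n",
           (long long) good, row_in_frame(7, currentpos, good));
    return 0;
}
```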