Hi,
Using sqlancer, I've found a curious vulnerability. In some places of the
code we convert LONG_MAX to double. After the value of 2^53, a double doesn't
correspond to a long value precisely. So, LONG_MAX can be converted into
the double value 'LONG_MAX + 1'. And the string:
(long) Min(numGroups, (double) LONG_MAX);
can return a negative value if numGroups > LONG_MAX.
Maybe it isn't a practical issue right now, but this annoying thing
sometimes doesn't allow sqlancer tests to pass, for example, with the options:
--extensions='pg_stat_statements' --oracle HAVING
It is not difficult to fix the problem in place, of course. But maybe it
would be better to change the type of the numGroups field in any Plan nodes
to double and convert it into a specific type right before usage?
--
Regards
Andrey Lepikhov
Postgres Professional
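
The conversion problem described in the message above, as an added example that is not part of the original message or of the PostgreSQL source. It assumes a 64-bit long; `min_result_overflows_long`, `clamp_groups_to_long` and `LONG_LIMIT_AS_DOUBLE` are hypothetical names, and mapping NaN and non-positive estimates to 0 is an assumption of this sketch.

```c
#include <limits.h>
#include <stdio.h>

/* Local definition of a Min() macro for this example. */
#define Min(x, y) ((x) < (y) ? (x) : (y))

/* 2^63 with a 64-bit long. -(double) LONG_MIN is exact, whereas
 * (double) LONG_MAX (2^63 - 1) is not representable and rounds up to it. */
#define LONG_LIMIT_AS_DOUBLE (-(double) LONG_MIN)

/*
 * Returns 1 if the double produced by Min(numGroups, (double) LONG_MAX)
 * lies outside the range of long, so that the (long) cast quoted in the
 * message would be undefined behavior (in practice often a negative
 * value). The cast itself is never executed here.
 */
int
min_result_overflows_long(double numGroups)
{
    double clamped = Min(numGroups, (double) LONG_MAX);

    return clamped >= LONG_LIMIT_AS_DOUBLE;
}

/* Hypothetical helper: saturate a double estimate into [0, LONG_MAX]. */
long
clamp_groups_to_long(double numGroups)
{
    if (!(numGroups > 0.0))
        return 0;               /* also catches NaN (assumption: map to 0) */
    if (numGroups >= LONG_LIMIT_AS_DOUBLE)
        return LONG_MAX;        /* compare in double, saturate in long */
    return (long) numGroups;    /* value is now known to be in range */
}

int
main(void)
{
    double big = 1e30;          /* constructed estimate above LONG_MAX */

    printf("(double) LONG_MAX = %.1f\n", (double) LONG_MAX);
    printf("Min() result overflows long: %d\n", min_result_overflows_long(big));
    printf("saturated: %ld\n", clamp_groups_to_long(big));
    return 0;
}
```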