Detect integer overflow in array_set_slice(). When provided an empty initial array, array_set_slice() fails to check for overflow when computing the new array's dimensions. While such overflows are ordinarily caught by ArrayGetNItems(), commands with the following form are accepted:
INSERT INTO t (i[-2147483648:2147483647]) VALUES ('{}'); To fix, perform the hazardous computations using overflow-detecting arithmetic routines. As with commit 18b585155a, the added test cases generate errors that include a platform-dependent value, so we again use psql's VERBOSITY parameter to suppress printing the message text. Reported-by: Alexander Lakhin Author: Joseph Koshakow Reviewed-by: Jian He Discussion: https://postgr.es/m/31ad2cd1-db94-bdb3-f91a-65ffdb4bef95%40gmail.com Backpatch-through: 12 Branch ------ REL_15_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/547dd2cbda12a7316c796999d24e6b3a4338e4a6 Modified Files -------------- src/backend/utils/adt/arrayfuncs.c | 9 ++++++++- src/test/regress/expected/arrays.out | 4 ++++ src/test/regress/sql/arrays.sql | 2 ++ 3 files changed, 14 insertions(+), 1 deletion(-)