Fix integer overflow in array_agg(), when the array grows too large If you accumulate many arrays full of NULLs, you could overflow 'nitems', before reaching the MaxAllocSize limit on the allocations. Add an explicit check that the number of items doesn't grow too large. With more than MaxArraySize items, getting the final result with makeArrayResultArr() would fail anyway, so better to error out early.
Reported-by: Xint Code Author: Heikki Linnakangas <[email protected]> Reviewed-by: Tom Lane <[email protected]> Backpatch-through: 14 Security: CVE-2026-6473 Branch ------ REL_15_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/e49e9590d984d60bfd95b438e5c6c07d08e9d661 Author: Heikki Linnakangas <[email protected]> Modified Files -------------- src/backend/utils/adt/arrayfuncs.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-)
