From: Heikki Linnakangas <heikki.linnakangas@iki.fi>
Date: Wed, 11 Aug 2010 19:12:36 +0000 (+0000)
Subject: The sanity check added to array_recv() wa a bit too tight; we must
X-Git-Tag: REL9_0_RC1~55
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e286b85c90d2197b9eaa2dc6d0b2b67795ba7ab9;p=postgresql

The sanity check added to array_recv() wa a bit too tight; we must
continue to accept an empty array with dimension information. array_send()
can output such arrays.

Per report from Vladimir Shakhov.
---

diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c
index 533b77c1cd..dd0fd227e7 100644
--- a/src/backend/utils/adt/arrayfuncs.c
+++ b/src/backend/utils/adt/arrayfuncs.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/arrayfuncs.c,v 1.164 2010/02/26 02:01:07 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/arrayfuncs.c,v 1.164.4.1 2010/08/11 19:12:36 heikki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1213,17 +1213,21 @@ array_recv(PG_FUNCTION_ARGS)
 
 	for (i = 0; i < ndim; i++)
 	{
-		int			ub;
-
 		dim[i] = pq_getmsgint(buf, 4);
 		lBound[i] = pq_getmsgint(buf, 4);
 
-		ub = lBound[i] + dim[i] - 1;
-		/* overflow? */
-		if (lBound[i] > ub)
-			ereport(ERROR,
-					(errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
-					 errmsg("integer out of range")));
+		/*
+		 * Check overflow of upper bound. (ArrayNItems() below checks that
+		 * dim[i] >= 0)
+		 */
+		if (dim[i] != 0)
+		{
+			int ub = lBound[i] + dim[i] - 1;
+			if (lBound[i] > ub)
+				ereport(ERROR,
+						(errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
+						 errmsg("integer out of range")));
+		}
 	}
 
 	/* This checks for overflow of array dimensions */