From 42f50cb8fa9848bbbc6776bcea03293a6b28b2d4 Mon Sep 17 00:00:00 2001 From: Alvaro Herrera Date: Tue, 10 Jan 2017 11:41:13 -0300 Subject: [PATCH] Fix overflow check in StringInfo; add missing casts MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit A few thinkos I introduced in fa2fa9955280. Also, amend a similarly broken comment. Report by Daniel Vérité. Authors: Daniel Vérité, Álvaro Herrera Discussion: https://postgr.es/m/1706e85e-60d2-494e-8a64-9af1e1b2186e@manitou-mail.org --- src/backend/lib/stringinfo.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/backend/lib/stringinfo.c b/src/backend/lib/stringinfo.c index bdc204edf7..3eee49beb6 100644 --- a/src/backend/lib/stringinfo.c +++ b/src/backend/lib/stringinfo.c @@ -313,19 +313,20 @@ enlargeStringInfo(StringInfo str, int needed) * for efficiency, double the buffer size each time it overflows. * Actually, we might need to more than double it if 'needed' is big... */ - newlen = 2 * str->maxlen; - while (needed > newlen) + newlen = 2 * (Size) str->maxlen; + while ((Size) needed > newlen) newlen = 2 * newlen; /* - * Clamp to the limit in case we went past it. Note we are assuming here - * that limit <= INT_MAX/2, else the above loop could overflow. We will - * still have newlen >= needed. + * Clamp to the limit in case we went past it. (We used to depend on + * limit <= INT32_MAX/2, to avoid overflow in the loop above; we no longer + * depend on that, but if "needed" and str->maxlen ever become wider, we + * will need similar caution here.) We will still have newlen >= needed. */ if (newlen > limit) newlen = limit; - str->data = (char *) repalloc_huge(str->data, (Size) newlen); + str->data = (char *) repalloc_huge(str->data, newlen); str->maxlen = newlen; } -- 2.40.0