Fix overflow in bsearch_arg() with more than INT_MAX elements

This was introduced in commit bfa2cee784, which replaced the old
bsearch_cmp() function we had in extended_stats.c with the current
implementation. The original discussion or commit message of
bfa2cee784 didn't mention where the new implementation came from, but
based on some googling, I'm guessing *BSD or libiberty, all of which
share this same code, with or without this fix.

Author: Ranier Vilela
Reviewed-by: Nathan Bossart
Backpatch-through: 14
Discussion: https://www.postgresql.org/message-id/CAEudQAp34o_8u6sGSVraLwuMv9F7T9hyHpePXHmRaxR2Aboi%2Bw%40mail.gmail.com

diff --git a/src/port/bsearch_arg.c b/src/port/bsearch_arg.c
index 8849bdffd2524a66479548e10beb92d6dfaab88a..c9a11c9d6da176cbe3e8038acd625ede61adf8df 100644 (file)
--- a/src/port/bsearch_arg.c
+++ b/src/port/bsearch_arg.c
@@ -58,8 +58,8 @@ bsearch_arg(const void *key, const void *base0,
                        void *arg)
 {
        const char *base = (const char *) base0;
-       int                     lim,
-                               cmp;
+       size_t          lim;
+       int                     cmp;
        const void *p;
 
        for (lim = nmemb; lim != 0; lim >>= 1)