From 65924e6cc6048667a6d1c0ddf33cce76881b226b Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Wed, 12 May 2004 22:39:00 +0000
Subject: [PATCH] Tighten up overflow check in path_recv, pursuant to code
 review inspired by Ken Ashcraft's report.  I think there is no actual bug
 here since if the int32 value does wrap a little bit, palloc will still
 reject it. Still it's better that the code be obviously correct.

---
 src/backend/utils/adt/geo_ops.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/backend/utils/adt/geo_ops.c b/src/backend/utils/adt/geo_ops.c
index 0e80190958d..19de68af870 100644
--- a/src/backend/utils/adt/geo_ops.c
+++ b/src/backend/utils/adt/geo_ops.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/geo_ops.c,v 1.82 2003/09/29 00:05:25 petere Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/geo_ops.c,v 1.82.2.1 2004/05/12 22:39:00 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1383,7 +1383,7 @@ path_recv(PG_FUNCTION_ARGS)
 
 	closed = pq_getmsgbyte(buf);
 	npts = pq_getmsgint(buf, sizeof(int32));
-	if (npts < 0 || npts >= (int32) (INT_MAX / sizeof(Point)))
+	if (npts < 0 || npts >= (int32) ((INT_MAX - offsetof(PATH, p[0])) / sizeof(Point)))
 		ereport(ERROR,
 				(errcode(ERRCODE_INVALID_BINARY_REPRESENTATION),
 				 errmsg("invalid number of points in external \"path\" value")));
-- 
2.39.5