From 9e9f30139eb87e30be64dc34fad6a01e029e8a56 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Tue, 14 Jan 2025 15:13:17 +0900 Subject: [PATCH] Fix potential integer overflow in bringetbitmap() This function expects an "int64" as result and stores the number of pages to add to the index scan bitmap as an "int", multiplying its final result by 10. For a relation large enough, this can theoretically overflow if counting more than (INT32_MAX / 10) pages, knowing that the number of pages is upper-bounded by MaxBlockNumber. To avoid the overflow, this commit redefines "totalpages", used to calculate the result, to be an "int64" rather than an "int". Reported-by: Evgeniy Gorbanyov Author: James Hunter Discussion: https://www.postgresql.org/message-id/07704817-6fa0-460c-b1cf-cd18f7647041@basealt.ru Backpatch-through: 13 --- src/backend/access/brin/brin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/access/brin/brin.c b/src/backend/access/brin/brin.c index a38ff1b4fd2..d3b5f349a24 100644 --- a/src/backend/access/brin/brin.c +++ b/src/backend/access/brin/brin.c @@ -361,7 +361,7 @@ bringetbitmap(IndexScanDesc scan, TIDBitmap *tbm) BrinOpaque *opaque; BlockNumber nblocks; BlockNumber heapBlk; - int totalpages = 0; + int64 totalpages = 0; FmgrInfo *consistentFn; MemoryContext oldcxt; MemoryContext perRangeCxt; -- 2.39.5