git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Richard Guo <rguo@postgresql.org>
	Thu, 9 Apr 2026 10:28:33 +0000 (19:28 +0900)
committer	Richard Guo <rguo@postgresql.org>
	Thu, 9 Apr 2026 10:28:33 +0000 (19:28 +0900)
commit	8b6c89e377b545ddb04fc09eecf89cd52be89e07
tree	916eac2571a12d691b231a22c4875634ce9443f6	tree \| snapshot
parent	11d6042337fc064e245081671c47cd9c1ac0d772	commit \| diff

Fix integer overflow in nodeWindowAgg.c

In nodeWindowAgg.c, the calculations for frame start and end positions
in ROWS and GROUPS modes were performed using simple integer addition.
If a user-supplied offset was sufficiently large (close to INT64_MAX),
adding it to the current row or group index could cause a signed
integer overflow, wrapping the result to a negative number.

This led to incorrect behavior where frame boundaries that should have
extended indefinitely (or beyond the partition end) were treated as
falling at the first row, or where valid rows were incorrectly marked
as out-of-frame.  Depending on the specific query and data, these
overflows can result in incorrect query results, execution errors, or
assertion failures.

To fix, use overflow-aware integer addition (ie, pg_add_s64_overflow)
to check for overflows during these additions.  If an overflow is
detected, the boundary is now clamped to INT64_MAX.  This ensures the
logic correctly treats the boundary as extending to the end of the
partition.

Bug: #19405
Reported-by: Alexander Lakhin <exclusion@gmail.com>
Author: Richard Guo <guofenglinux@gmail.com>
Reviewed-by: Tender Wang <tndrwang@gmail.com>
Discussion: https://postgr.es/m/19405-1ecf025dda171555@postgresql.org
Backpatch-through: 14

src/backend/executor/nodeWindowAgg.c		diff \| blob \| blame \| history
src/test/regress/expected/window.out		diff \| blob \| blame \| history
src/test/regress/sql/window.sql		diff \| blob \| blame \| history