git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Richard Guo <rguo@postgresql.org>
	Thu, 9 Apr 2026 10:28:33 +0000 (19:28 +0900)
committer	Richard Guo <rguo@postgresql.org>
	Thu, 9 Apr 2026 10:32:09 +0000 (19:32 +0900)
commit	f8736f8bc5315fe94cba961825acc3552f8064b0
tree	42aa50529774d8247d5e82af2c362cdcdcfe15fb	tree \| snapshot
parent	586f4266fb4945f6ea3564b9c1bab093eb74bee4	commit \| diff

Fix integer overflow in nodeWindowAgg.c

In nodeWindowAgg.c, the calculations for frame start and end positions
in ROWS and GROUPS modes were performed using simple integer addition.
If a user-supplied offset was sufficiently large (close to INT64_MAX),
adding it to the current row or group index could cause a signed
integer overflow, wrapping the result to a negative number.

This led to incorrect behavior where frame boundaries that should have
extended indefinitely (or beyond the partition end) were treated as
falling at the first row, or where valid rows were incorrectly marked
as out-of-frame.  Depending on the specific query and data, these
overflows can result in incorrect query results, execution errors, or
assertion failures.

To fix, use overflow-aware integer addition (ie, pg_add_s64_overflow)
to check for overflows during these additions.  If an overflow is
detected, the boundary is now clamped to INT64_MAX.  This ensures the
logic correctly treats the boundary as extending to the end of the
partition.

Bug: #19405
Reported-by: Alexander Lakhin <exclusion@gmail.com>
Author: Richard Guo <guofenglinux@gmail.com>
Reviewed-by: Tender Wang <tndrwang@gmail.com>
Discussion: https://postgr.es/m/19405-1ecf025dda171555@postgresql.org
Backpatch-through: 14

src/backend/executor/nodeWindowAgg.c		diff \| blob \| blame \| history
src/test/regress/expected/window.out		diff \| blob \| blame \| history
src/test/regress/sql/window.sql		diff \| blob \| blame \| history