This is an automated email from the ASF dual-hosted git repository.

tuhaihe pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudberry.git

commit 29f6d06ab6792d5540fe49505ab81ae842d42240
Author: Tom Lane <[email protected]>
AuthorDate: Mon May 11 05:13:49 2026 -0700

    Add pg_add_size_overflow() and friends
    
    Partion. Changes from libpq to be done later.
    
    Commit 600086f47 added (several bespoke copies of) size_t addition with
    overflow checks to libpq. Move this to common/int.h, along with
    its subtraction and multiplication counterparts.
    
    pg_neg_size_overflow() is intentionally omitted; I'm not sure we should
    add SSIZE_MAX to win32_port.h for the sake of a function with no
    callers.
    
    Back-patch of commit 8934f2136, done now because pg_add_size_overflow()
    and friends are needed more widely for security fixes.
    
    Author: Jacob Champion <[email protected]>
    Reviewed-by: Chao Li <[email protected]>
    Reviewed-by: Michael Paquier <[email protected]>
---
 src/include/common/int.h | 67 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/src/include/common/int.h b/src/include/common/int.h
index 487124473d2..1f4218bfbc5 100644
--- a/src/include/common/int.h
+++ b/src/include/common/int.h
@@ -438,4 +438,71 @@ pg_mul_u64_overflow(uint64 a, uint64 b, uint64 *result)
 #endif
 }
 
+/*
+ * size_t
+ */
+static inline bool
+pg_add_size_overflow(size_t a, size_t b, size_t *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+       return __builtin_add_overflow(a, b, result);
+#else
+       size_t          res = a + b;
+
+       if (res < a)
+       {
+               *result = 0x5EED;               /* to avoid spurious warnings */
+               return true;
+       }
+       *result = res;
+       return false;
+#endif
+}
+
+static inline bool
+pg_sub_size_overflow(size_t a, size_t b, size_t *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+       return __builtin_sub_overflow(a, b, result);
+#else
+       if (b > a)
+       {
+               *result = 0x5EED;               /* to avoid spurious warnings */
+               return true;
+       }
+       *result = a - b;
+       return false;
+#endif
+}
+
+static inline bool
+pg_mul_size_overflow(size_t a, size_t b, size_t *result)
+{
+#if defined(HAVE__BUILTIN_OP_OVERFLOW)
+       return __builtin_mul_overflow(a, b, result);
+#else
+       size_t          res = a * b;
+
+       if (a != 0 && b != res / a)
+       {
+               *result = 0x5EED;               /* to avoid spurious warnings */
+               return true;
+       }
+       *result = res;
+       return false;
+#endif
+}
+
+/*
+ * pg_neg_size_overflow is currently omitted, to avoid having to reason about
+ * the portability of SSIZE_MIN/_MAX before a use case exists.
+ */
+/*
+ * static inline bool
+ * pg_neg_size_overflow(size_t a, ssize_t *result)
+ * {
+ *     ...
+ * }
+ */
+
 #endif                                                 /* COMMON_INT_H */


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to