On Sun, 4 Jan 2026 at 16:20, Chao Li <[email protected]> wrote:
> I noticed an int32 overflow problem in intarray’s compare_val_int4():
> ```
> /*
>  * Comparison function for binary search in mcelem array.
>  */
> static int
> compare_val_int4(const void *a, const void *b)
> {
>     int32 key = *(int32 *) a;
>     const Datum *t = (const Datum *) b;
>
>     return key - DatumGetInt32(*t);
> }
> ```
>
> As this function is a bsearch comparator, it is supposed to return >0, =0 or
> <0. However this function uses subtraction with two int32 and returns an int,
> which may result in an overflow. Say, key is INT32_MAX and *t is -1, the
> return value will be negative due to overflow.
Nice find. Was that found by a static analyser or by eye?

I can take care of the overflow issue. I feel the test is a step too far as it seems unlikely ever to be rebroken, but thanks for the SQL-based test case to demonstrate the issue.

David
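The following is an added illustration, not code from this thread or from PostgreSQL: it places the subtraction-based comparator next to a three-way comparator and runs both through a small binary search so the wrong sign from the wrap-around can be seen to make a lookup miss an element that is present. The `Datum` indirection of the real function is replaced by plain `int32_t` elements, the search routine and the sorted sample array are constructed here, and the wrap-around is reproduced with unsigned arithmetic because signed overflow in C is undefined behaviour; all of these are assumptions of the example.

```c
/*
 * Added example (not PostgreSQL code): why "return a - b" is a wrong
 * bsearch comparator for int32, and the three-way form that fixes it.
 * Plain int32_t elements stand in for the Datum array of the original
 * (an assumption made to keep the example self-contained).
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef int (*cmp_fn)(const void *, const void *);

/*
 * Subtraction-based comparator, the pattern from the original.  Signed
 * overflow is undefined behaviour in C, so the wrap-around is reproduced
 * with unsigned arithmetic (the final conversion wraps on two's-complement
 * platforms) to make the wrong result deterministic:
 * INT32_MAX - (-1) wraps to INT32_MIN, which reads as "key < elem".
 */
static int
compare_val_int4_subtract(const void *a, const void *b)
{
    int32_t key = *(const int32_t *) a;
    int32_t elem = *(const int32_t *) b;

    return (int32_t) ((uint32_t) key - (uint32_t) elem);
}

/*
 * Three-way comparison: only ever returns -1, 0 or 1 and cannot overflow,
 * whatever the operand values.
 */
static int
compare_val_int4_threeway(const void *a, const void *b)
{
    int32_t key = *(const int32_t *) a;
    int32_t elem = *(const int32_t *) b;

    return (key > elem) - (key < elem);
}

/*
 * Minimal binary search over a sorted int32_t array, used instead of libc
 * bsearch() so the probe sequence does not depend on the platform.
 * Returns the index of key, or -1 when not found.
 */
static long
find_index(const int32_t *arr, size_t n, int32_t key, cmp_fn cmp)
{
    size_t lo = 0, hi = n;

    while (lo < hi)
    {
        size_t mid = lo + (hi - lo) / 2;
        int r = cmp(&key, &arr[mid]);

        if (r == 0)
            return (long) mid;
        if (r < 0)
            hi = mid;
        else
            lo = mid + 1;
    }
    return -1;
}

/* Constructed sorted sample: the first probe lands on -1. */
static const int32_t sample[] = { -9, -1, INT32_MAX };
static const size_t sample_len = sizeof(sample) / sizeof(sample[0]);

/* Search for INT32_MAX with each comparator; the wrapping one misses it. */
long
search_subtract(void)
{
    return find_index(sample, sample_len, INT32_MAX, compare_val_int4_subtract);
}

long
search_threeway(void)
{
    return find_index(sample, sample_len, INT32_MAX, compare_val_int4_threeway);
}

/* Direct look at the sign each comparator produces for a key/element pair. */
int
sign_subtract(int32_t key, int32_t elem)
{
    return compare_val_int4_subtract(&key, &elem);
}

int
sign_threeway(int32_t key, int32_t elem)
{
    return compare_val_int4_threeway(&key, &elem);
}

int
main(void)
{
    printf("subtract comparator: index %ld\n", search_subtract());
    printf("three-way comparator: index %ld\n", search_threeway());
    return 0;
}
```

With the sample array the subtraction comparator reports INT32_MAX as smaller than both -1 and -9, so the search walks left and returns -1 even though the value sits at index 2; the three-way comparator finds it. The `(a > b) - (a < b)` idiom is the usual replacement because it is branch-light, never overflows, and satisfies the sign contract `qsort()` and `bsearch()` require.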
