Eugeny Goryachev <[email protected]> writes: > The selectivity function _int_matchsel() in contrib/intarray > assumes that the right-hand argument is a valid query_int datum. > If a malformed or binary-incompatible value is passed (for example, > via an implicit cast from a user-defined type created WITHOUT FUNCTION), > the function may dereference an invalid pointer and crash.
Didn't we fix that in CVE-2026-2004?
regards, tom lane
