From 55327256a049e3926d4d1cda39a7bb5886cbe03c Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Mon, 28 Oct 2024 14:07:38 +0200 Subject: [PATCH] Fix overflow in bsearch_arg() with more than INT_MAX elements This was introduced in commit bfa2cee784, which replaced the old bsearch_cmp() function we had in extended_stats.c with the current implementation. The original discussion or commit message of bfa2cee784 didn't mention where the new implementation came from, but based on some googling, I'm guessing *BSD or libiberty, all of which share this same code, with or without this fix. Author: Ranier Vilela Reviewed-by: Nathan Bossart Backpatch-through: 14 Discussion: https://www.postgresql.org/message-id/CAEudQAp34o_8u6sGSVraLwuMv9F7T9hyHpePXHmRaxR2Aboi%2Bw%40mail.gmail.com --- src/port/bsearch_arg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/port/bsearch_arg.c b/src/port/bsearch_arg.c index 8849bdffd2..c9a11c9d6d 100644 --- a/src/port/bsearch_arg.c +++ b/src/port/bsearch_arg.c @@ -58,8 +58,8 @@ bsearch_arg(const void *key, const void *base0, void *arg) { const char *base = (const char *) base0; - int lim, - cmp; + size_t lim; + int cmp; const void *p; for (lim = nmemb; lim != 0; lim >>= 1)
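Review bot: The new `size_t lim;` declaration in the only hunk of src/port/bsearch_arg.c carries no comment saying why it must not share the `int` declaration with `cmp`, so a later tidy-up could merge the two again and reintroduce the overflow named in the subject line. A short comment on that line would help, for example "must be as wide as nmemb". The type of `nmemb` is not visible in this hunk; the fix is complete only if `lim` is now the same type as `nmemb`, since `for (lim = nmemb; lim != 0; lim >>= 1)` otherwise still narrows on assignment. The loop body is also outside the hunk, so it is worth confirming that nothing in it depends on `lim` being signed (a comparison against a negative value, or a decrement that could pass zero), because with an unsigned `lim` such a decrement would wrap to a huge value rather than end the loop. The commit message says where the code probably came from but not what goes wrong at more than INT_MAX elements; a sentence stating the observable failure would help anyone assessing the backpatch.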