| From: | Richard Guo <guofenglinux(at)gmail(dot)com> |
|---|---|
| To: | Alexander Lakhin <exclusion(at)gmail(dot)com> |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #19405: Assertion in eval_windowaggregates() fails due to integer overflow |
| Date: | 2026-02-14 11:00:51 |
| Message-ID: | CAMbWs4_jYG-vjN579aLuE7pf9PaZaPL9KCjPRN0kn3T+obE7hw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Sat, Feb 14, 2026 at 7:00 PM Alexander Lakhin <exclusion(at)gmail(dot)com> wrote:
> The patch works for me, but I've just discovered one more similar anomaly:
> SELECT SUM(i) OVER (ROWS BETWEEN 0x7fffffffffffffff FOLLOWING AND 1 FOLLOWING), i FROM t;
>
> ERROR: XX000: window frame head moved backward
> LOCATION: eval_windowaggregates, nodeWindowAgg.c:782
Right, I noticed this one too. Basically, nodeWindowAgg.c doesn't
check for overflow when adding startOffsetValue or endOffsetValue.
Since these values are provided by the user and can be arbitrarily
large, simple addition does not seem safe. I think we may need to
switch to overflow-aware integer operations in all relevant code.
- Richard
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2026-02-14 11:42:02 | Re: 17.8 standby crashes during WAL replay from 17.5 primary: "could not access status of transaction" |
| Previous Message | Alexander Lakhin | 2026-02-14 10:00:00 | Re: BUG #19405: Assertion in eval_windowaggregates() fails due to integer overflow |