| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: oauth integer overflow |
| Date: | 2026-04-23 18:37:26 |
| Message-ID: | fcaddr2zt4q7ee5mm7vctb723pcgfjpyo2hnhjhgae2nysobjf@epjk3wl4i2ck |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 2026-04-23 11:31:34 -0700, Jacob Champion wrote:
> On Thu, Apr 23, 2026 at 11:17 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> > > Cool. I have one written up and can share it for comparison, if you'd
> > > like, but it's fairly verbose and I wonder if there's a better way to
> > > do it.
> >
> > Well, if you're already done then please do share it, and we'll use that as a
> > starting point.
>
> Attached. The static_assert for the millisecond calculation is the
> only part I don't really like, but doing an overflow check on a
> calculation that can't overflow int64 is even more verbose/wasteful.
How about instead making sure that actx->authz.interval never gets big enough
to have any chance of overflowing during either the += 5 or the * 1000? It's
clearly ok to error out well before that...
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2026-04-23 18:49:04 | Re: CheckAttributeType() forgot to recurse into multiranges |
| Previous Message | Jacob Champion | 2026-04-23 18:31:34 | Re: oauth integer overflow |