[Pkg-postgresql-public] Bug#771580: postgresql-9.4: Minor binary-search int overflow
Niels Thykier
niels at thykier.net
Sun Nov 30 21:06:42 UTC 2014
Source: postgresql-9.4
Version: 9.4~rc1-1
Severity: minor
Hi,
I stumbled on the following snippet from src/timezone/localtime.c,
function pg_interpret_timezone_abbrev:

    {
        int lo = 0;
        int hi = sp->timecnt;
        while (lo < hi)
        {
            int mid = (lo + hi) >> 1;
                       ^^^^^^^

This looks like it is subject to a known int overflow, when (original) hi
is close to INT_MAX and the item is close to the end of the array.
~Niels
Reference: http://googleresearch.blogspot.dk/2006/06/extra-extra-read-all-about-it-nearly.html
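
An added example, not part of the original report or of the PostgreSQL source: a binary search that uses the overflow-free midpoint `lo + (hi - lo) / 2` and counts the iterations in which `(lo + hi) >> 1` would have overflowed. The function names and the index-valued stand-in array are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* For lo >= 0: true when lo + hi would exceed INT_MAX. Tested without
 * performing the signed addition, whose overflow is undefined in C. */
static int naive_sum_overflows(int lo, int hi)
{
    return hi > INT_MAX - lo;
}

/* Overflow-free midpoint for 0 <= lo <= hi. */
static int safe_mid(int lo, int hi)
{
    return lo + (hi - lo) / 2;
}

/* Constructed stand-in for a sorted array of `count` entries in which
 * entry i holds the value i, so no huge allocation is needed. Returns the
 * index of the first entry >= key and stores in *risky_steps how many
 * iterations would have overflowed had they computed (lo + hi) >> 1. */
static int lower_bound_virtual(int count, int key, int *risky_steps)
{
    int lo = 0;
    int hi = count;

    *risky_steps = 0;
    while (lo < hi)
    {
        int mid = safe_mid(lo, hi);

        if (naive_sum_overflows(lo, hi))
            (*risky_steps)++;
        if (mid < key)          /* entry[mid] == mid in this stand-in */
            lo = mid + 1;
        else
            hi = mid;
    }
    return lo;
}

int main(void)
{
    int risky;
    int idx = lower_bound_virtual(INT_MAX, INT_MAX - 2, &risky);
    printf("index %d, %d risky iterations\n", idx, risky);
    idx = lower_bound_virtual(1000, 998, &risky);
    printf("index %d, %d risky iterations\n", idx, risky);
    return 0;
}
```

With a count near INT_MAX and a key near the end, every iteration after the first lands in the overflow range; with a small count none do.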