[Pkg-postgresql-public] Bug#771580: postgresql-9.4: Minor binary-search int overflow

Niels Thykier niels at thykier.net
Sun Nov 30 21:06:42 UTC 2014

Source: postgresql-9.4
Version: 9.4~rc1-1
Severity: minor


I stumbled on the folowing snippet from src/timezone/localtime.c,
function pg_interpret_timezone_abbrev:

               int                     lo = 0;
               int                     hi = sp->timecnt;

               while (lo < hi)
                       int                     mid = (lo + hi) >> 1;

This looks it is subject to a known int overflow, when (original) hi
is close to INT_MAX and the item being close to then end of the array.


Reference: http://googleresearch.blogspot.dk/2006/06/extra-extra-read-all-about-it-nearly.html

More information about the Pkg-postgresql-public mailing list