From 307b75e93f4887ccdd8074380550eafa49d63c5f Mon Sep 17 00:00:00 2001
From: MasaoFujii <masao.fujii@gmail.com>
Date: Fri, 23 May 2014 03:41:29 +0900
Subject: [PATCH] Fix possible overflow in calculations of palloc request
 sizes.

This commit is inspired by the change of pg_trgm:
c3ccc9ee584b9b015dd9c1931e261e21f3961e5f

Back-patch to all supported versions.
---
 bigm_op.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bigm_op.c b/bigm_op.c
index 84515b5..0a3b599 100644
--- a/bigm_op.c
+++ b/bigm_op.c
@@ -246,7 +246,7 @@ generate_bigm(char *str, int slen)
 	char	   *bword,
 			   *eword;
 
-	bgm = (BIGM *) palloc(VARHDRSZ + sizeof(bigm) * (slen / 2 + 1) *3);
+	bgm = (BIGM *) palloc(VARHDRSZ + sizeof(bigm) * (Size) (slen / 2 + 1) * 3);
 	SET_VARSIZE(bgm, VARHDRSZ);
 
 	if (slen + LPADDING + RPADDING < 2 || slen == 0)
@@ -476,7 +476,7 @@ generate_wildcard_bigm(const char *str, int slen, bool *removeDups)
 
 	*removeDups = false;
 
-	bgm = (BIGM *) palloc(VARHDRSZ + sizeof(bigm) * (slen / 2 + 1) *3);
+	bgm = (BIGM *) palloc(VARHDRSZ + sizeof(bigm) * (Size) (slen / 2 + 1) * 3);
 	SET_VARSIZE(bgm, VARHDRSZ);
 
 	if (slen + LPADDING + RPADDING < 2 || slen == 0)
@@ -653,7 +653,7 @@ likequery(PG_FUNCTION_ARGS)
 	if (len == 0)
 		PG_RETURN_NULL();
 
-	result = (text *) palloc(len * 2 + 2 + VARHDRSZ);
+	result = (text *) palloc((Size) len * 2 + 2 + VARHDRSZ);
 	rp = VARDATA(result);
 	*rp++ = '%';
 
-- 
2.11.0