Fix possible overflow in calculations of palloc request sizes.

This commit is inspired by the change of pg_trgm:
c3ccc9ee584b9b015dd9c1931e261e21f3961e5f

Back-patch to all supported versions.

diff --git a/bigm_op.c b/bigm_op.c
index 84515b5..0a3b599 100644 (file)
--- a/bigm_op.c
+++ b/bigm_op.c
@@ -246,7 +246,7 @@ generate_bigm(char *str, int slen)
        char       *bword,
                           *eword;
 
-       bgm = (BIGM *) palloc(VARHDRSZ + sizeof(bigm) * (slen / 2 + 1) *3);
+       bgm = (BIGM *) palloc(VARHDRSZ + sizeof(bigm) * (Size) (slen / 2 + 1) * 3);
        SET_VARSIZE(bgm, VARHDRSZ);
 
        if (slen + LPADDING + RPADDING < 2 || slen == 0)
@@ -476,7 +476,7 @@ generate_wildcard_bigm(const char *str, int slen, bool *removeDups)
 
        *removeDups = false;
 
-       bgm = (BIGM *) palloc(VARHDRSZ + sizeof(bigm) * (slen / 2 + 1) *3);
+       bgm = (BIGM *) palloc(VARHDRSZ + sizeof(bigm) * (Size) (slen / 2 + 1) * 3);
        SET_VARSIZE(bgm, VARHDRSZ);
 
        if (slen + LPADDING + RPADDING < 2 || slen == 0)
@@ -653,7 +653,7 @@ likequery(PG_FUNCTION_ARGS)
        if (len == 0)
                PG_RETURN_NULL();
 
-       result = (text *) palloc(len * 2 + 2 + VARHDRSZ);
+       result = (text *) palloc((Size) len * 2 + 2 + VARHDRSZ);
        rp = VARDATA(result);
        *rp++ = '%';