Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vrXoI-009vnG-1s for pgsql-bugs@arkaria.postgresql.org; Sun, 15 Feb 2026 08:48:58 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vrXoH-0010n7-1h for pgsql-bugs@arkaria.postgresql.org; Sun, 15 Feb 2026 08:48:57 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vrXoH-0010my-0r for pgsql-bugs@lists.postgresql.org; Sun, 15 Feb 2026 08:48:57 +0000 Received: from mail-ej1-x635.google.com ([2a00:1450:4864:20::635]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1vrXoF-00000000lcT-1dIo for pgsql-bugs@lists.postgresql.org; Sun, 15 Feb 2026 08:48:57 +0000 Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-b8f8d80faebso471148566b.1 for ; Sun, 15 Feb 2026 00:48:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1771145334; cv=none; d=google.com; s=arc-20240605; b=fK3FKzyeaHGyKLO4WF/rJSQa4jq5vONudAGsZhhL+PcvFbcLvx3o/r2ecD0cljLX8e 7Ohn5RbubTUZQ56g6YbyiDHI9/s1am7RkmnfqAOeCD2GEr27MzkMRPaT8WfXSij7j/w+ jKUEFCijE1av85BBRg+42IxZ7FXeCX2vR08xMCLIFEauEFf5hKHqARt3g60myP1tY00s Mjw0Sg+ktK2+UmX6ZEUm2gNHjerhEfEnX4GvUFbVqC/Cw3eV9qpGwtXmKpEWU8bzoOHN idiN3yAyYYg1NEbdRMEQwMIwgqpULSKzpvvwYNiNFof2lWvAa13r3yuOgQSIpgpsZPAj 4RtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=iYodbAVzn1rkdbSaiaVAmEsqa09yb9xKme9wmR4Csik=; fh=gOavCyhjRV+wuj5NXLsgnPkblMDhwYnJ/ZOsqEPEMHI=; b=N6xodDRD7xvrDw8Yb0L29wSjS2FkENXb0OD7q0D4sq51lPNCwh59/3D3A0fwsP83Qs G361pLsUe9Ktf1bW3KHxgBM8TOv0Y+Jlzp24/07n1H32s22WabXhNLhJDceUa4clIh4E rO57VIKJbsWZ4Ays776P5EPyHiUuNY1negtkKZBcit1vLOmRHURZSRxaGpYuBkOXV2Ps yecnvQGXijPS8dfFTU0OPz8gpgRaMwqxJBTRHIOgalKx3ufwHWa+xDGuDGeLpuR017+X yzlez54l6QExneb/Rptlhw1spkxtSi1Kt9KlBvt3S6wD8dp+3FGBFC7uhTwzfgxtWIID Ndgg==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1771145334; x=1771750134; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=iYodbAVzn1rkdbSaiaVAmEsqa09yb9xKme9wmR4Csik=; b=Ax0ZjXqU1yitAvo+qZfhx3ihBhBrBO5dWyCh/H9IF59PY+0nh8w8LPOkGZ5QmPuRvT zV2aTlc2iyJ2ZZm878ESi5Y49fWqZbWNpm4kuGI3vy0g/5yw+EBUdhQdBVUoFHkhM7Lu weQ/RecvWHGz/xL3gHDGrLtJNWRDO9mHOQIBy3/V02nl2WDKVMSTUQ2WcXTsQRXH0MJz dzqC1RGdJ+sqBji4iSZmOf0tKaMRjfIIhcgJArrlDJQUoIGmBzmPYebqIrFd1y55Nkpi Q9/F/pWL7u0kVoiOJEjKrmYAB83CyWhI8R+nqCd9Lcvqfi4F27o+tKkOV3uL5CPjzGnF zODg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771145334; x=1771750134; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=iYodbAVzn1rkdbSaiaVAmEsqa09yb9xKme9wmR4Csik=; b=mCbSAMw5ZJSQXKu66ApC+hnN0/4vgJ+Igf9Plaq5vqvwkDjwcljz1wMbEdG5afcnLW FtmBi/9r6U8TFUqP529o1b3iBsQoj0h3rg8kWH8at8bjW5SBLVuoLVd+yaCUj4bUtD+R rk6VjYT0BkAhqYGlLDLLx441/1keWEsB16FhfL4iFHZHP3oURGbU+g4nUl5KBPeI/7nM hNSCXLGTjrFgjyMHD0x11DRBhcLnzKgi9so8U+xKVvPoKaBeDdYup1QC565MsnSP3Ac7 /n5iTpKEP7SkE2QkYdfMDQRskLbyEwPyVSNSOPlyJRowTRTsJvOzliZmjuVi/O3/J/5u knAg== X-Forwarded-Encrypted: i=1; AJvYcCVsqdm2KfC//SZyFbJZMyFxysc42sdfrPT00uvHEbQ3z7kflBC6xeeaK+UpDWBtWEhpVBx3OSXjbhVU@lists.postgresql.org X-Gm-Message-State: AOJu0Ywo0kl4VsgpcKhm1uXw2iVeRskvvSADOrB93BjUgg547WR0ZQHH Ojwcubq24b2fGh/IXgBv6EiDswKrwU8Cm7AwrIXzBfGwrrMOTXeFEqvnVxL8dDTLoKUHUbJY7CC QUBRR+zJssUjbSnb83FLWNQv5cn0x/q4= X-Gm-Gg: AZuq6aIT/I5/99zuONCAmpdCkh3yD6BXZRYJij4a+daupA3Rj7gjCgkEoqaLBnVFDZP RcInhA4cgn5JiPa9buajCzVmzRGEhrDya2H70TlSdUhPBtibD2LKB2OHxcgfF+IJLQqTw5CkTLO IzFmuambdJHUNynS7fm9S0x1NEXrPbZKJlUczipC7UhHp2bP2b7zoIiF6sHTWhwbWAn3OXnnlOO 18VE3Dc6YQR+uiDy7axBXOxnUZkJJLFYxdvCDXX8r+IAVO5w6pNeS50KpoNRXPBWjbDBzWzsr/4 Jc3kSgxAhpzgF8CDDh8= X-Received: by 2002:a17:907:7f9f:b0:b88:4ff8:1300 with SMTP id a640c23a62f3a-b8fc06ff73cmr272571366b.26.1771145333983; Sun, 15 Feb 2026 00:48:53 -0800 (PST) MIME-Version: 1.0 References: <19405-1ecf025dda171555@postgresql.org> In-Reply-To: From: Tender Wang Date: Sun, 15 Feb 2026 16:48:04 +0800 X-Gm-Features: AaiRm52Xi3UHBnVwG3uHkEAE6eCzut6agSjU5iUXCUilRDmQXTW_QeapIIbNyEg Message-ID: Subject: Re: BUG #19405: Assertion in eval_windowaggregates() fails due to integer overflow To: Richard Guo Cc: exclusion@gmail.com, pgsql-bugs@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Richard Guo =E4=BA=8E2026=E5=B9=B42=E6=9C=8814=E6= =97=A5=E5=91=A8=E5=85=AD 17:41=E5=86=99=E9=81=93=EF=BC=9A > > On Fri, Feb 13, 2026 at 7:09=E2=80=AFPM PG Bug reporting form > wrote: > > The following script: > > CREATE TABLE t (i integer); > > INSERT INTO t SELECT g FROM generate_series(1, 2) g; > > SELECT SUM(i) OVER (ROWS BETWEEN 1 PRECEDING AND 0x7fffffffffffffff > > FOLLOWING EXCLUDE CURRENT ROW) FROM t; > > Thanks for the report. Reproduced here. > > It seems to be caused by a signed integer overflow in row_is_in_frame > when calculating the frame's end position: > > if (pos > winstate->currentpos + offset) > return -1; > > When offset is very large (close to INT64_MAX, as in the reported > case), the addition can overflow, in which case the result would wrap > to a negative number (with -fwrapv), causing the comparison to > incorrectly return true. In release builds, this causes valid rows to > be excluded from the window frame. In debug builds, it leads to an > assertion failure. Yes, the code above may overflow; in debug builds, the assertion would fail= . > > I think we can fix this by leveraging the overflow-aware integer > operation (ie, pg_add_s64_overflow) to perform the addition here. If > an overflow is detected, we can assume the frame boundary extends to > the end of the partition, meaning the current row is within the frame. > I've also considered similar solutions. But I'm not very familiar with the window function internal codes, so not sure it's the right fix. > Right, I noticed this one too. Basically, nodeWindowAgg.c doesn't > check for overflow when adding startOffsetValue or endOffsetValue. > Since these values are provided by the user and can be arbitrarily > large, simple addition does not seem safe. I think we may need to > switch to overflow-aware integer operations in all relevant code. >Here is an updated patch to fix all relevant code in nodeWindowAgg.c. v2 seems to cover all cases. WFM. In window.sql, we don't have a test case for this issue. I think we should add it to the window.sql --=20 Thanks, Tender Wang