Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vrC9P-008WfN-16 for pgsql-bugs@arkaria.postgresql.org; Sat, 14 Feb 2026 09:41:19 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vrC9N-00HM4o-0V for pgsql-bugs@arkaria.postgresql.org; Sat, 14 Feb 2026 09:41:17 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vrC9M-00HM4g-2Z for pgsql-bugs@lists.postgresql.org; Sat, 14 Feb 2026 09:41:16 +0000 Received: from mail-ot1-x333.google.com ([2607:f8b0:4864:20::333]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1vrC9K-00000000cnV-35tr for pgsql-bugs@lists.postgresql.org; Sat, 14 Feb 2026 09:41:16 +0000 Received: by mail-ot1-x333.google.com with SMTP id 46e09a7af769-7d4beaf25deso1306739a34.0 for ; Sat, 14 Feb 2026 01:41:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1771062071; cv=none; d=google.com; s=arc-20240605; b=P+WIaZ8VETd+Ky5zPfERXKfLIBKgS9zWaeO8tpmNseQsvgiwpaGMXIwtl8pYnx3/ib maYdfS3es1YFySiVaOMKjzzkA9oc04qSm9ciQOAUgKw8SJ4veZvwKg0921T9JM+w7T4Z Q2Jg1FT2tf2OZMV+gEmTCh2HD1F56MyanfRuXg6ggE9nDWFEZp2WF9xrcfNK8Cqamk2Q s3U/ikXhG2JPGnPY116IdrgHuGwbEa9i6K/lBMlMud0W5ANLpzzEMHffwqEDMs4gKsPO TLNRTl5H+GsfVd9A+5c+0lLgafZ0AwNisAm6Cgn4l238jW2UbyhzYDAF1cY0dNwIr6Zx 59vg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=QbeCx9gs04oJlHCs83VfgedhrJXZMUfYXnDDbDyK5ZM=; fh=WOvZsWcaiqbgrdm3oBsRYq18JabB0/HlSQvRzB9P2Zc=; b=c8LG8LDXDaVh8DwF6/CBogtraTzffv/P2k1Nvk7AwMKWDK23tdmPiBurVt94fjQ/Z9 QBMw++6aUDZmGcNY5p3JkyQX6JNC7NoCIr2Ls+Ky1Yj0e425LC1iJwC2M0giTooN813g fFHOhbNPeBaYX30g22cQB86fD9s3zkjaGd0wE13JTaM7bDrxZFgns6ecaevJVGKRQxtz rfTUiIHWTztjN+/rSbVd92OFoMDmPOejpWFN70aY56JxR20MEg860A+9BwevnHGEgMhR 0Yh6sXqbV7jWOjsV1A+8nFeruC1ePTAtijT4DWcvNp5Fwjlrut1/onOJyNVjOPPZlhCF rKIw==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1771062071; x=1771666871; darn=lists.postgresql.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=QbeCx9gs04oJlHCs83VfgedhrJXZMUfYXnDDbDyK5ZM=; b=VO+sIqChpxZciTrUa/J6e+mzg41GTV4FdD5Rr2aL44pTwIG06r8UX2vIoZkOLzvHt6 zeAETSJb++MF2goBC7hh68kja+GeKnI/BAcjn6svVs6ly9B4AaX+B5xYuCv8NMfoOKwV i+wH18LTQ+ceTu+UAmCSQBAgGEMxP+kWDYqJowjgIfOeqzqAmhaJzrWrk65UlNEJSPrP wLO0X7x7iVsWZWOW/ga6VNbA+A5JSAI0thHmoCihDUwO9eGVLWAkBQ3H2mmiSRAJv/Wg z+4P5BNN9qDErHGoD6fwVSbPuacIlR4buwrymuavvAx9TMXLpkjxdK2VyGFhlNCtQgdx 65VQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771062071; x=1771666871; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=QbeCx9gs04oJlHCs83VfgedhrJXZMUfYXnDDbDyK5ZM=; b=H2wrDMKlb5XDCPeB1rSpJfWk/MkAr2rbPYxOwG/kjU/xk7J0xZJFAZ3dg/ndx9Qzrq RxEVUP9lUb+67Sm2//EU8OZ8qQQXCi17mlqy2FanOYuT8GHuXuWIJWI/IJyGfPds84ed jv5frnQz5+zadUvbRMG0QoR3IYs7hjXN9sxmZkl2y9TA8WebPrPpTq4K2fbf5CjoMAjI r8NYUTb+Wtz7BdVclW36n+87oWfjxcM2XHLBL8fmvMOtkaxjdGYE/8GbnimJrJsCR5mQ 0ckHRhIhmwmvM6Pj9zk5MNIpd37da5d1KBHkZ8M8PcNzZkCASrPRH34cuA1mZdWuWS+B v5gg== X-Forwarded-Encrypted: i=1; AJvYcCUtXqMofFW2UoJdrap9+u/vyoxFRTPu8Q8cSiTav4vBpVouD4pQnpGreT9OrL2BsBffgQrYZF6sPqwp@lists.postgresql.org X-Gm-Message-State: AOJu0YxsUFaTvXWUBC9cvJ01CY4V9+JmwO+1JDtIOZdcWBnwN4DRI+7p wKKhS7KMZF3VQ76hnJ2HQQX3lTH2NKmR/VMe8oE1Vz5UDnduAecBbtBvKagAYg7xQ7RwG96CYv2 QYPK0ieWXwZNosVCmwWP7FReNIGBqZgQ= X-Gm-Gg: AZuq6aLIc6Volznd2q1nUDQ30pGgEu0jWLjQirq/rmhrdMXfz5FlhrMPy7msx8qS9jN R09FEXCiNhVru/QypCNO9hWjW3hy1yxq/yg78G32mTioD2vhUFRqfAQE0Bk+5qhts8x61FbJzIz wvNmfGo1mWYoBMVg6O9e2/lIXUzbfwh23pE70tWxA5ZSMSUGZvzQGTcOhHBqBXb9tbwkIYvPusv u63T3bWYb8sA9Jmnfrh21wiNR3Mn9Hz0B1VykCDabteOEuLcR9xMmCWhzrRtePqjlsw5l6S+GBL 6G5hVKdYmFgFxghotIA= X-Received: by 2002:a05:6820:1518:b0:676:66f5:100d with SMTP id 006d021491bc7-67822c68e0cmr1521973eaf.33.1771062071445; Sat, 14 Feb 2026 01:41:11 -0800 (PST) MIME-Version: 1.0 References: <19405-1ecf025dda171555@postgresql.org> In-Reply-To: <19405-1ecf025dda171555@postgresql.org> From: Richard Guo Date: Sat, 14 Feb 2026 18:41:00 +0900 X-Gm-Features: AZwV_QiEEkG2pmU4UQQVUR_OuNb7xuILOkYETKna09ijU8hrE0cQFKcHBNILF28 Message-ID: Subject: Re: BUG #19405: Assertion in eval_windowaggregates() fails due to integer overflow To: exclusion@gmail.com, pgsql-bugs@lists.postgresql.org Content-Type: multipart/mixed; boundary="000000000000a502af064ac58579" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000a502af064ac58579 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Feb 13, 2026 at 7:09=E2=80=AFPM PG Bug reporting form wrote: > The following script: > CREATE TABLE t (i integer); > INSERT INTO t SELECT g FROM generate_series(1, 2) g; > SELECT SUM(i) OVER (ROWS BETWEEN 1 PRECEDING AND 0x7fffffffffffffff > FOLLOWING EXCLUDE CURRENT ROW) FROM t; Thanks for the report. Reproduced here. It seems to be caused by a signed integer overflow in row_is_in_frame when calculating the frame's end position: if (pos > winstate->currentpos + offset) return -1; When offset is very large (close to INT64_MAX, as in the reported case), the addition can overflow, in which case the result would wrap to a negative number (with -fwrapv), causing the comparison to incorrectly return true. In release builds, this causes valid rows to be excluded from the window frame. In debug builds, it leads to an assertion failure. I think we can fix this by leveraging the overflow-aware integer operation (ie, pg_add_s64_overflow) to perform the addition here. If an overflow is detected, we can assume the frame boundary extends to the end of the partition, meaning the current row is within the frame. - Richard --000000000000a502af064ac58579 Content-Type: application/octet-stream; name="v1-0001-Fix-signed-integer-overflow-in-nodeWindowAgg.c.patch" Content-Disposition: attachment; filename="v1-0001-Fix-signed-integer-overflow-in-nodeWindowAgg.c.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mlm4maj90 RnJvbSA3ZjMxYWIzOTc5NWFmYTQ5Njg5OWNlZjYyZDE2ODUyZDEyZTJlYzMxIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBSaWNoYXJkIEd1byA8Z3VvZmVuZ2xpbnV4QGdtYWlsLmNvbT4K RGF0ZTogU2F0LCAxNCBGZWIgMjAyNiAxODoxNjoyNyArMDkwMApTdWJqZWN0OiBbUEFUQ0ggdjFd IEZpeCBzaWduZWQgaW50ZWdlciBvdmVyZmxvdyBpbiBub2RlV2luZG93QWdnLmMKCi0tLQogc3Jj L2JhY2tlbmQvZXhlY3V0b3Ivbm9kZVdpbmRvd0FnZy5jIHwgOCArKysrKysrLQogMSBmaWxlIGNo YW5nZWQsIDcgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdpdCBhL3NyYy9i YWNrZW5kL2V4ZWN1dG9yL25vZGVXaW5kb3dBZ2cuYyBiL3NyYy9iYWNrZW5kL2V4ZWN1dG9yL25v ZGVXaW5kb3dBZ2cuYwppbmRleCBkOWI2NGIwZjQ2NS4uMDY1MTlkNGRmNzAgMTAwNjQ0Ci0tLSBh L3NyYy9iYWNrZW5kL2V4ZWN1dG9yL25vZGVXaW5kb3dBZ2cuYworKysgYi9zcmMvYmFja2VuZC9l eGVjdXRvci9ub2RlV2luZG93QWdnLmMKQEAgLTM3LDYgKzM3LDcgQEAKICNpbmNsdWRlICJjYXRh bG9nL29iamVjdGFjY2Vzcy5oIgogI2luY2x1ZGUgImNhdGFsb2cvcGdfYWdncmVnYXRlLmgiCiAj aW5jbHVkZSAiY2F0YWxvZy9wZ19wcm9jLmgiCisjaW5jbHVkZSAiY29tbW9uL2ludC5oIgogI2lu Y2x1ZGUgImV4ZWN1dG9yL2V4ZWN1dG9yLmgiCiAjaW5jbHVkZSAiZXhlY3V0b3Ivbm9kZVdpbmRv d0FnZy5oIgogI2luY2x1ZGUgIm1pc2NhZG1pbi5oIgpAQCAtMTUzMiwxMiArMTUzMywxNyBAQCBy b3dfaXNfaW5fZnJhbWUoV2luZG93T2JqZWN0IHdpbm9iaiwgaW50NjQgcG9zLCBUdXBsZVRhYmxl U2xvdCAqc2xvdCwKIAkJaWYgKGZyYW1lT3B0aW9ucyAmIEZSQU1FT1BUSU9OX1JPV1MpCiAJCXsK IAkJCWludDY0CQlvZmZzZXQgPSBEYXR1bUdldEludDY0KHdpbnN0YXRlLT5lbmRPZmZzZXRWYWx1 ZSk7CisJCQlpbnQ2NAkJdGFyZ2V0X3BvczsKIAogCQkJLyogcm93cyBhZnRlciBjdXJyZW50IHJv dyArIG9mZnNldCBhcmUgb3V0IG9mIGZyYW1lICovCiAJCQlpZiAoZnJhbWVPcHRpb25zICYgRlJB TUVPUFRJT05fRU5EX09GRlNFVF9QUkVDRURJTkcpCiAJCQkJb2Zmc2V0ID0gLW9mZnNldDsKIAot CQkJaWYgKHBvcyA+IHdpbnN0YXRlLT5jdXJyZW50cG9zICsgb2Zmc2V0KQorCQkJaWYgKHBnX2Fk ZF9zNjRfb3ZlcmZsb3cod2luc3RhdGUtPmN1cnJlbnRwb3MsIG9mZnNldCwgJnRhcmdldF9wb3Mp KQorCQkJeworCQkJCS8qIG92ZXJmbG93OiBmcmFtZSBleHRlbmRzIHRvIGVuZCBvZiBwYXJ0aXRp b24gKi8KKwkJCX0KKwkJCWVsc2UgaWYgKHBvcyA+IHRhcmdldF9wb3MpCiAJCQkJcmV0dXJuIC0x OwogCQl9CiAJCWVsc2UgaWYgKGZyYW1lT3B0aW9ucyAmIChGUkFNRU9QVElPTl9SQU5HRSB8IEZS QU1FT1BUSU9OX0dST1VQUykpCi0tIAoyLjM5LjUgKEFwcGxlIEdpdC0xNTQpCgo= --000000000000a502af064ac58579--