Subject: Re: oauth integer overflow
From: Daniel Gustafsson
To: Jacob Champion
Cc: Andres Freund, PostgreSQL Hackers
Date: Tue, 28 Apr 2026 13:17:54 +0200
Message-Id: <52EEC73C-5887-43F0-848B-DF515DCDFBBF@yesql.se>

> On 23 Apr 2026, at 21:05, Jacob Champion wrote:
>
> On Thu, Apr 23, 2026 at 11:37 AM Andres Freund wrote:
>> How about instead making sure that actx->authz.interval never gets big enough
>> to have any chance of overflowing during either the += 5 or the * 1000? It's
>> clearly ok to error out well before that...
>
> It probably is, but I guess the approach depends on whether you prefer
> checking at the time of operation, or attempting to reason about it
> ahead of time in far-away code. With the latter, if additional math is
> added in the future, then either the new overflow hazard gets missed,
> or the ceiling gets lowered again, or the new math gets an overflow
> check when the others don't. I prefer the time-of-use pattern,
> personally.

I am fine with your approach in the attached patch. If you don't like the
static assert you could move it to be out of the way, and expand the comment
for it to what it means if it hits. Just one small nitpick on the patch:

+ * LONG_MAX milliseconds is 24 days on 32-bit platforms,
+ * which for most people is going to be equivalent to a
+ * disabled timer... but avoid overflow in case the

When reading "disabled timer" I interpret that as a timer which is 0 and has
no interval (which might be due to not being a native speaker), but what it
actually describes is an interval which (in practice) never ends. Perhaps it
could be phrased more like "for most people is going to be equivalent to a
never ending interval".

--
Daniel Gustafsson
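The time-of-use pattern discussed in this thread, as an added illustration that is not the attached patch or PostgreSQL's own code: each arithmetic step on the polling interval (the "+= 5" slow-down and the "* 1000" conversion to milliseconds) is checked where it happens, so a server-supplied interval can never wrap a `long` timer value. The function name `compute_timeout_ms` and the sentinel `-1` are assumptions for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Added example, not code from the thread's patch. Returns the timer
 * value in milliseconds for a device-flow polling interval given in
 * seconds, or -1 if any step would overflow a long. Each operation
 * carries its own check, so adding further math later means adding a
 * further check at that site rather than re-deriving a global ceiling.
 *
 * Note that on platforms with a 32-bit long, LONG_MAX milliseconds is
 * only about 24 days, so the multiplication check is the one that
 * actually trips for large but otherwise plausible intervals.
 */
static long
compute_timeout_ms(long interval_seconds, bool slow_down)
{
	/* A negative interval from the server is nonsensical; reject it. */
	if (interval_seconds < 0)
		return -1;

	/* RFC 8628 "slow_down": interval += 5, checked before it happens. */
	if (slow_down)
	{
		if (interval_seconds > LONG_MAX - 5)
			return -1;
		interval_seconds += 5;
	}

	/* Conversion to milliseconds: interval * 1000, checked the same way. */
	if (interval_seconds > LONG_MAX / 1000)
		return -1;

	return interval_seconds * 1000;
}

int
main(void)
{
	/* Constructed inputs: a normal interval and an absurd one. */
	printf("5s, slow_down: %ld ms\n", compute_timeout_ms(5, true));
	printf("oversized:     %ld\n", compute_timeout_ms(LONG_MAX / 1000 + 1, false));
	return 0;
}
```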