public inbox for [email protected]
help / color / mirror / Atom feedFrom: Jacob Champion <[email protected]>
To: Andres Freund <[email protected]>
Cc: Daniel Gustafsson <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: oauth integer overflow
Date: Thu, 23 Apr 2026 12:05:32 -0700
Message-ID: <CAOYmi+mGZ5H+k_Y-ascgK7X9snAGdBUOuc=FZRxu6gnB_mjFFQ@mail.gmail.com> (raw)
In-Reply-To: <fcaddr2zt4q7ee5mm7vctb723pcgfjpyo2hnhjhgae2nysobjf@epjk3wl4i2ck>
References: <qtclihmrkq67ach3xjxyi4qcksstin5qxwsnkqefkmotxwh4g6@ae2bj6jvcmry>
<[email protected]>
<CAOYmi+n4U_g+k1Bfs2eavJdps0qQj3HFDa5i3V1c0m3CLYUWhA@mail.gmail.com>
<[email protected]>
<CAOYmi+k6K6VKTZLPtQLHnoSSMRZfH_=x6bHRUC3zf1F9kjyb1Q@mail.gmail.com>
<fcaddr2zt4q7ee5mm7vctb723pcgfjpyo2hnhjhgae2nysobjf@epjk3wl4i2ck>
On Thu, Apr 23, 2026 at 11:37 AM Andres Freund <[email protected]> wrote:
> How about instead making sure that actx->authz.interval never gets big enough
> to have any chance of overflowing during either the += 5 or the * 1000? It's
> clearly ok to error out well before that...
It probably is, but I guess the approach depends on whether you prefer
checking at the time of operation, or attempting to reason about it
ahead of time in far-away code. With the latter, if additional math is
added in the future, then either the new overflow hazard gets missed,
or the ceiling gets lowered again, or the new math gets an overflow
check when the others don't. I prefer the time-of-use pattern,
personally.
--Jacob
view thread (10+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: oauth integer overflow
In-Reply-To: <CAOYmi+mGZ5H+k_Y-ascgK7X9snAGdBUOuc=FZRxu6gnB_mjFFQ@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox