Date: Thu, 23 Apr 2026 14:37:26 -0400
From: Andres Freund
To: Jacob Champion
Cc: Daniel Gustafsson, PostgreSQL Hackers
Subject: Re: oauth integer overflow

Hi,

On 2026-04-23 11:31:34 -0700, Jacob Champion wrote:
> On Thu, Apr 23, 2026 at 11:17 AM Daniel Gustafsson wrote:
> > > Cool. I have one written up and can share it for comparison, if you'd
> > > like, but it's fairly verbose and I wonder if there's a better way to
> > > do it.
> >
> > Well, if you're already done then please do share it, and we'll use that as a
> > starting point.
>
> Attached. The static_assert for the millisecond calculation is the
> only part I don't really like, but doing an overflow check on a
> calculation that can't overflow int64 is even more verbose/wasteful.

How about instead making sure that actx->authz.interval never gets big enough
to have any chance of overflowing during either the += 5 or the * 1000? It's
clearly ok to error out well before that...

Greetings,

Andres Freund
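
Added example, not part of the original message and not PostgreSQL's code: one way to bound the interval at the point it is stored, so that neither the += 5 nor the * 1000 discussed above can overflow an int. The cap `MAX_INTERVAL_SECS`, the step constant and all function names are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed cap for this example, in seconds. A polling interval this long is
 * already useless, so erroring out here loses nothing. */
#define MAX_INTERVAL_SECS 3600
#define INTERVAL_STEP_SECS 5

/* The cap must leave room for both later operations on an int. */
_Static_assert(MAX_INTERVAL_SECS <= (INT_MAX - INTERVAL_STEP_SECS) / 1000,
               "cap too large for += 5 and * 1000");

/* Store a server-supplied interval only if it lies in [1, cap]. */
static bool interval_set(int *interval, long long parsed)
{
    if (parsed < 1 || parsed > MAX_INTERVAL_SECS)
        return false;           /* caller reports a protocol error */
    *interval = (int) parsed;
    return true;
}

/* The "+= 5" step. *interval <= cap holds on entry, so the sum cannot wrap. */
static bool interval_bump(int *interval)
{
    int next = *interval + INTERVAL_STEP_SECS;

    if (next > MAX_INTERVAL_SECS)
        return false;           /* give up instead of growing past the cap */
    *interval = next;
    return true;
}

/* The "* 1000" step. Bounded by cap * 1000, which fits in an int. */
static int interval_to_ms(int interval)
{
    return interval * 1000;
}

int main(void)
{
    int iv = 0;

    printf("set INT_MAX: %s\n", interval_set(&iv, INT_MAX) ? "ok" : "rejected");
    printf("set 5: %s\n", interval_set(&iv, 5) ? "ok" : "rejected");
    printf("bump: %s, now %d s = %d ms\n",
           interval_bump(&iv) ? "ok" : "rejected", iv, interval_to_ms(iv));
    return 0;
}
```

Because the bound is enforced wherever the value is written, the two arithmetic sites need no overflow checks of their own.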