Fix overflow in bsearch_arg() with more than INT_MAX elements
author Heikki Linnakangas <[email protected]>
Mon, 28 Oct 2024 12:07:38 +0000 (14:07 +0200)
committer Heikki Linnakangas <[email protected]>
Mon, 28 Oct 2024 12:07:38 +0000 (14:07 +0200)
This was introduced in commit bfa2cee784, which replaced the old
bsearch_cmp() function we had in extended_stats.c with the current
implementation. The original discussion or commit message of
bfa2cee784 didn't mention where the new implementation came from, but
based on some googling, I'm guessing *BSD or libiberty, all of which
share this same code, with or without this fix.

Author: Ranier Vilela
Reviewed-by: Nathan Bossart
Back-through: 14
Discussion: https://www.postgresql.org/message-id/CAEudQAp34o_8u6sGSVraLwuMv9F7T9hyHpePXHmRaxR2Aboi%2Bw%40mail.gmail.com

src/port/bsearch_arg.c

index f0de467beeeaa0088f8a88a5da07fc8747fe5ba0..e0446a9f075122f5aebfb031442dd8b40ec7f395 100644 (file)
@@ -58,8 +58,8 @@ bsearch_arg(const void *key, const void *base0,
            void *arg)
 {
    const char *base = (const char *) base0;
-   int         lim,
-               cmp;
+   size_t      lim;
+   int         cmp;
    const void *p;
 
    for (lim = nmemb; lim != 0; lim >>= 1)
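Review bot: The new `size_t lim;` declaration has no comment saying that it must have the same type as `nmemb`, so a later cleanup could narrow it back to `int` without noticing the consequence. I suggest a one-line comment at the declaration, since the failure mode is not obvious from `for (lim = nmemb; lim != 0; lim >>= 1)` alone: with an `int` counter, an element count above INT_MAX is converted to an implementation-defined value, and if it ends up negative an arithmetic right shift never reaches zero, so the `lim != 0` test does not terminate the search. The loop body is outside this hunk, so please also confirm that nothing there depends on `lim` being signed (a `lim > 0` style test or a decrement that is expected to go below zero), and that the offset computed from `lim` and the element size is done in `size_t` as well. The commit message mentions that *BSD and libiberty share this code; any other copies in the tree deserve the same check.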