Fix overflow check in StringInfo; add missing casts

A few thinkos I introduced in fa2fa9955280.  Also, amend a similarly
broken comment.

Report by Daniel Vérité.
Authors: Daniel Vérité, Álvaro Herrera
Discussion: https://postgr.es/m/1706e85e-60d2-494e-8a64-9af1e1b2186e@manitou-mail.org

diff --git a/src/backend/lib/stringinfo.c b/src/backend/lib/stringinfo.c
index bdc204edf77e56533f6f897c6a0c11f58c426727..3eee49beb6270aab957c83fcc5b5282c3327b42a 100644 (file)
--- a/src/backend/lib/stringinfo.c
+++ b/src/backend/lib/stringinfo.c
@@ -313,19 +313,20 @@ enlargeStringInfo(StringInfo str, int needed)
     * for efficiency, double the buffer size each time it overflows.
     * Actually, we might need to more than double it if 'needed' is big...
     */
-   newlen = 2 * str->maxlen;
-   while (needed > newlen)
+   newlen = 2 * (Size) str->maxlen;
+   while ((Size) needed > newlen)
        newlen = 2 * newlen;
 
    /*
-    * Clamp to the limit in case we went past it.  Note we are assuming here
-    * that limit <= INT_MAX/2, else the above loop could overflow.  We will
-    * still have newlen >= needed.
+    * Clamp to the limit in case we went past it.  (We used to depend on
+    * limit <= INT32_MAX/2, to avoid overflow in the loop above; we no longer
+    * depend on that, but if "needed" and str->maxlen ever become wider, we
+    * will need similar caution here.)  We will still have newlen >= needed.
     */
    if (newlen > limit)
        newlen = limit;
 
-   str->data = (char *) repalloc_huge(str->data, (Size) newlen);
+   str->data = (char *) repalloc_huge(str->data, newlen);
 
    str->maxlen = newlen;
 }