This patch was created based on upstream commit:

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=18b585155a891784ca8985f595ebc0dde94e0d43

The upstream regression test is not applicable for PG9.2

int.h source file comes from:

https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/include/common/int.h;h=487124473d25b206a985a9742f39b348f50a5324

diff -urN -x '*cscope*' postgresql-9.2.24/src/backend/utils/adt/arrayfuncs.c postgresql-final/src/backend/utils/adt/arrayfuncs.c

--- postgresql-9.2.24/src/backend/utils/adt/arrayfuncs.c	2017-11-06 23:17:39.000000000 +0100

+++ postgresql-final/src/backend/utils/adt/arrayfuncs.c	2023-11-21 15:20:49.000000000 +0100

@@ -24,7 +24,7 @@

 #include "utils/lsyscache.h"

 #include "utils/memutils.h"

 #include "utils/typcache.h"

-

+#include "common/int.h"

 /*

  * GUC parameter

@@ -2138,22 +2138,38 @@

 	addedbefore = addedafter = 0;

 	/*

-	 * Check subscripts

+	 * Check subscripts.  We assume the existing subscripts passed

+	 * ArrayCheckBounds, so that dim[i] + lb[i] can be computed without

+	 * overflow.  But we must beware of other overflows in our calculations of

+	 * new dim[] values.

 	 */

 	if (ndim == 1)

 	{

 		if (indx[0] < lb[0])

 		{

-			addedbefore = lb[0] - indx[0];

-			dim[0] += addedbefore;

+			// addedbefore = lb[0] - indx[0];

+			// dim[0] += addedbefore;

+			if (pg_sub_s32_overflow(lb[0], indx[0], &addedbefore) ||

+		        	pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))

+               			ereport(ERROR,

+                       			(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),

+                        		errmsg("array size exceeds the maximum allowed (%d)",

+                               			(int) MaxArraySize)));

 			lb[0] = indx[0];

 			if (addedbefore > 1)

 				newhasnulls = true;		/* will insert nulls */

 		}

 		if (indx[0] >= (dim[0] + lb[0]))

 		{

-			addedafter = indx[0] - (dim[0] + lb[0]) + 1;

-			dim[0] += addedafter;

+			// addedafter = indx[0] - (dim[0] + lb[0]) + 1;

+			// dim[0] += addedafter;

+			if (pg_sub_s32_overflow(indx[0], dim[0] + lb[0], &addedafter) ||

+			    pg_add_s32_overflow(addedafter, 1, &addedafter) ||

+               		    pg_add_s32_overflow(dim[0], addedafter, &dim[0]))

+               		    ereport(ERROR,

+                       		    (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),

+                        	    errmsg("array size exceeds the maximum allowed (%d)",

+                               		   (int) MaxArraySize)));

 			if (addedafter > 1)

 				newhasnulls = true;		/* will insert nulls */

 		}

@@ -2435,18 +2451,31 @@

 					 errmsg("upper bound cannot be less than lower bound")));

 		if (lowerIndx[0] < lb[0])

 		{

-			if (upperIndx[0] < lb[0] - 1)

-				newhasnulls = true;		/* will insert nulls */

-			addedbefore = lb[0] - lowerIndx[0];

-			dim[0] += addedbefore;

+			// addedbefore = lb[0] - lowerIndx[0];

+			// dim[0] += addedbefore;

+			if (pg_sub_s32_overflow(lb[0], lowerIndx[0], &addedbefore) ||

+	                    pg_add_s32_overflow(dim[0], addedbefore, &dim[0]))

+	               	    ereport(ERROR,

+	                            (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),

+            		             errmsg("array size exceeds the maximum allowed (%d)",

+	                                     (int) MaxArraySize)));

 			lb[0] = lowerIndx[0];

+			if (addedbefore > 1)

+				newhasnulls = true;		/* will insert nulls */

 		}

 		if (upperIndx[0] >= (dim[0] + lb[0]))

 		{

-			if (lowerIndx[0] > (dim[0] + lb[0]))

+			if (pg_sub_s32_overflow(upperIndx[0], dim[0] + lb[0], &addedafter) ||

+		            pg_add_s32_overflow(addedafter, 1, &addedafter) ||

+		            pg_add_s32_overflow(dim[0], addedafter, &dim[0]))

+		            ereport(ERROR,

+				    (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),

+				     errmsg("array size exceeds the maximum allowed (%d)",

+                                            (int) MaxArraySize)));

+			if (addedafter > 1)

 				newhasnulls = true;		/* will insert nulls */

-			addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1;

-			dim[0] += addedafter;

+			// addedafter = upperIndx[0] - (dim[0] + lb[0]) + 1;

+			// dim[0] += addedafter;

 		}

 	}

 	else

diff -urN -x '*cscope*' postgresql-9.2.24/src/backend/utils/adt/arrayutils.c postgresql-final/src/backend/utils/adt/arrayutils.c

--- postgresql-9.2.24/src/backend/utils/adt/arrayutils.c	2017-11-06 23:17:39.000000000 +0100

+++ postgresql-final/src/backend/utils/adt/arrayutils.c	2023-11-21 15:19:25.000000000 +0100

@@ -63,10 +63,6 @@

  * This must do overflow checking, since it is used to validate that a user

  * dimensionality request doesn't overflow what we can handle.

  *

- * We limit array sizes to at most about a quarter billion elements,

- * so that it's not necessary to check for overflow in quite so many

- * places --- for instance when palloc'ing Datum arrays.

- *

  * The multiplication overflow check only works on machines that have int64

  * arithmetic, but that is nearly all platforms these days, and doing check

  * divides for those that don't seems way too expensive.

@@ -77,7 +73,6 @@

 	int32		ret;

 	int			i;

-#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))

 	if (ndim <= 0)

 		return 0;

diff -urN -x '*cscope*' postgresql-9.2.24/src/include/c.h postgresql-final/src/include/c.h

--- postgresql-9.2.24/src/include/c.h	2017-11-06 23:17:39.000000000 +0100

+++ postgresql-final/src/include/c.h	2023-11-21 15:19:25.000000000 +0100

@@ -215,6 +215,23 @@

  */

 /*

+ * stdint.h limits aren't guaranteed to be present and aren't guaranteed to

+ * have compatible types with our fixed width types. So just define our own.

+ */

+#define PG_INT8_MIN             (-0x7F-1)

+#define PG_INT8_MAX             (0x7F)

+#define PG_UINT8_MAX    (0xFF)

+#define PG_INT16_MIN    (-0x7FFF-1)

+#define PG_INT16_MAX    (0x7FFF)

+#define PG_UINT16_MAX   (0xFFFF)

+#define PG_INT32_MIN    (-0x7FFFFFFF-1)

+#define PG_INT32_MAX    (0x7FFFFFFF)

+#define PG_UINT32_MAX   (0xFFFFFFFFU)

+#define PG_INT64_MIN    (-INT64CONST(0x7FFFFFFFFFFFFFFF) - 1)

+#define PG_INT64_MAX    INT64CONST(0x7FFFFFFFFFFFFFFF)

+#define PG_UINT64_MAX   UINT64CONST(0xFFFFFFFFFFFFFFFF)

+

+/*

  * Pointer

  *		Variable holding address of any memory resident object.

  *

diff -urN -x '*cscope*' postgresql-9.2.24/src/include/common/int.h postgresql-final/src/include/common/int.h

--- postgresql-9.2.24/src/include/common/int.h	1970-01-01 01:00:00.000000000 +0100

+++ postgresql-final/src/include/common/int.h	2023-11-21 15:19:25.000000000 +0100

@@ -0,0 +1,441 @@

+/*-------------------------------------------------------------------------

+ *

+ * int.h

+ *	  Routines to perform integer math, while checking for overflows.

+ *

+ * The routines in this file are intended to be well defined C, without

+ * relying on compiler flags like -fwrapv.

+ *

+ * To reduce the overhead of these routines try to use compiler intrinsics

+ * where available. That's not that important for the 16, 32 bit cases, but

+ * the 64 bit cases can be considerably faster with intrinsics. In case no

+ * intrinsics are available 128 bit math is used where available.

+ *

+ * Copyright (c) 2017-2023, PostgreSQL Global Development Group

+ *

+ * src/include/common/int.h

+ *

+ *-------------------------------------------------------------------------

+ */

+#ifndef COMMON_INT_H

+#define COMMON_INT_H

+

+

+/*---------

+ * The following guidelines apply to all the routines:

+ * - If a + b overflows, return true, otherwise store the result of a + b

+ * into *result. The content of *result is implementation defined in case of

+ * overflow.

+ * - If a - b overflows, return true, otherwise store the result of a - b

+ * into *result. The content of *result is implementation defined in case of

+ * overflow.

+ * - If a * b overflows, return true, otherwise store the result of a * b

+ * into *result. The content of *result is implementation defined in case of

+ * overflow.

+ *---------

+ */

+

+/*------------------------------------------------------------------------

+ * Overflow routines for signed integers

+ *------------------------------------------------------------------------

+ */

+

+/*

+ * INT16

+ */

+static inline bool

+pg_add_s16_overflow(int16 a, int16 b, int16 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_add_overflow(a, b, result);

+#else

+	int32		res = (int32) a + (int32) b;

+

+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int16) res;

+	return false;

+#endif

+}

+

+static inline bool

+pg_sub_s16_overflow(int16 a, int16 b, int16 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_sub_overflow(a, b, result);

+#else

+	int32		res = (int32) a - (int32) b;

+

+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int16) res;

+	return false;

+#endif

+}

+

+static inline bool

+pg_mul_s16_overflow(int16 a, int16 b, int16 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_mul_overflow(a, b, result);

+#else

+	int32		res = (int32) a * (int32) b;

+

+	if (res > PG_INT16_MAX || res < PG_INT16_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int16) res;

+	return false;

+#endif

+}

+

+/*

+ * INT32

+ */

+static inline bool

+pg_add_s32_overflow(int32 a, int32 b, int32 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_add_overflow(a, b, result);

+#else

+	int64		res = (int64) a + (int64) b;

+

+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int32) res;

+	return false;

+#endif

+}

+

+static inline bool

+pg_sub_s32_overflow(int32 a, int32 b, int32 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_sub_overflow(a, b, result);

+#else

+	int64		res = (int64) a - (int64) b;

+

+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int32) res;

+	return false;

+#endif

+}

+

+static inline bool

+pg_mul_s32_overflow(int32 a, int32 b, int32 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_mul_overflow(a, b, result);

+#else

+	int64		res = (int64) a * (int64) b;

+

+	if (res > PG_INT32_MAX || res < PG_INT32_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int32) res;

+	return false;

+#endif

+}

+

+/*

+ * INT64

+ */

+static inline bool

+pg_add_s64_overflow(int64 a, int64 b, int64 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_add_overflow(a, b, result);

+#elif defined(HAVE_INT128)

+	int128		res = (int128) a + (int128) b;

+

+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int64) res;

+	return false;

+#else

+	if ((a > 0 && b > 0 && a > PG_INT64_MAX - b) ||

+		(a < 0 && b < 0 && a < PG_INT64_MIN - b))

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = a + b;

+	return false;

+#endif

+}

+

+static inline bool

+pg_sub_s64_overflow(int64 a, int64 b, int64 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_sub_overflow(a, b, result);

+#elif defined(HAVE_INT128)

+	int128		res = (int128) a - (int128) b;

+

+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int64) res;

+	return false;

+#else

+	/*

+	 * Note: overflow is also possible when a == 0 and b < 0 (specifically,

+	 * when b == PG_INT64_MIN).

+	 */

+	if ((a < 0 && b > 0 && a < PG_INT64_MIN + b) ||

+		(a >= 0 && b < 0 && a > PG_INT64_MAX + b))

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = a - b;

+	return false;

+#endif

+}

+

+static inline bool

+pg_mul_s64_overflow(int64 a, int64 b, int64 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_mul_overflow(a, b, result);

+#elif defined(HAVE_INT128)

+	int128		res = (int128) a * (int128) b;

+

+	if (res > PG_INT64_MAX || res < PG_INT64_MIN)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (int64) res;

+	return false;

+#else

+	/*

+	 * Overflow can only happen if at least one value is outside the range

+	 * sqrt(min)..sqrt(max) so check that first as the division can be quite a

+	 * bit more expensive than the multiplication.

+	 *

+	 * Multiplying by 0 or 1 can't overflow of course and checking for 0

+	 * separately avoids any risk of dividing by 0.  Be careful about dividing

+	 * INT_MIN by -1 also, note reversing the a and b to ensure we're always

+	 * dividing it by a positive value.

+	 *

+	 */

+	if ((a > PG_INT32_MAX || a < PG_INT32_MIN ||

+		 b > PG_INT32_MAX || b < PG_INT32_MIN) &&

+		a != 0 && a != 1 && b != 0 && b != 1 &&

+		((a > 0 && b > 0 && a > PG_INT64_MAX / b) ||

+		 (a > 0 && b < 0 && b < PG_INT64_MIN / a) ||

+		 (a < 0 && b > 0 && a < PG_INT64_MIN / b) ||

+		 (a < 0 && b < 0 && a < PG_INT64_MAX / b)))

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = a * b;

+	return false;

+#endif

+}

+

+/*------------------------------------------------------------------------

+ * Overflow routines for unsigned integers

+ *------------------------------------------------------------------------

+ */

+

+/*

+ * UINT16

+ */

+static inline bool

+pg_add_u16_overflow(uint16 a, uint16 b, uint16 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_add_overflow(a, b, result);

+#else

+	uint16		res = a + b;

+

+	if (res < a)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = res;

+	return false;

+#endif

+}

+

+static inline bool

+pg_sub_u16_overflow(uint16 a, uint16 b, uint16 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_sub_overflow(a, b, result);

+#else

+	if (b > a)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = a - b;

+	return false;

+#endif

+}

+

+static inline bool

+pg_mul_u16_overflow(uint16 a, uint16 b, uint16 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_mul_overflow(a, b, result);

+#else

+	uint32		res = (uint32) a * (uint32) b;

+

+	if (res > PG_UINT16_MAX)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (uint16) res;

+	return false;

+#endif

+}

+

+/*

+ * INT32

+ */

+static inline bool

+pg_add_u32_overflow(uint32 a, uint32 b, uint32 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_add_overflow(a, b, result);

+#else

+	uint32		res = a + b;

+

+	if (res < a)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = res;

+	return false;

+#endif

+}

+

+static inline bool

+pg_sub_u32_overflow(uint32 a, uint32 b, uint32 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_sub_overflow(a, b, result);

+#else

+	if (b > a)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = a - b;

+	return false;

+#endif

+}

+

+static inline bool

+pg_mul_u32_overflow(uint32 a, uint32 b, uint32 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_mul_overflow(a, b, result);

+#else

+	uint64		res = (uint64) a * (uint64) b;

+

+	if (res > PG_UINT32_MAX)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (uint32) res;

+	return false;

+#endif

+}

+

+/*

+ * UINT64

+ */

+static inline bool

+pg_add_u64_overflow(uint64 a, uint64 b, uint64 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_add_overflow(a, b, result);

+#else

+	uint64		res = a + b;

+

+	if (res < a)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = res;

+	return false;

+#endif

+}

+

+static inline bool

+pg_sub_u64_overflow(uint64 a, uint64 b, uint64 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_sub_overflow(a, b, result);

+#else

+	if (b > a)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = a - b;

+	return false;

+#endif

+}

+

+static inline bool

+pg_mul_u64_overflow(uint64 a, uint64 b, uint64 *result)

+{

+#if defined(HAVE__BUILTIN_OP_OVERFLOW)

+	return __builtin_mul_overflow(a, b, result);

+#elif defined(HAVE_INT128)

+	uint128		res = (uint128) a * (uint128) b;

+

+	if (res > PG_UINT64_MAX)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = (uint64) res;

+	return false;

+#else

+	uint64		res = a * b;

+

+	if (a != 0 && b != res / a)

+	{

+		*result = 0x5EED;		/* to avoid spurious warnings */

+		return true;

+	}

+	*result = res;

+	return false;

+#endif

+}

+

+#endif							/* COMMON_INT_H */

diff -urN -x '*cscope*' postgresql-9.2.24/src/include/utils/array.h postgresql-final/src/include/utils/array.h

--- postgresql-9.2.24/src/include/utils/array.h	2017-11-06 23:17:39.000000000 +0100

+++ postgresql-final/src/include/utils/array.h	2023-11-21 15:19:25.000000000 +0100

@@ -59,6 +59,14 @@

 #include "fmgr.h"

 /*

+* Maximum number of elements in an array.  We limit this to at most about a

+* quarter billion elements, so that it's not necessary to check for overflow

+* in quite so many places --- for instance when palloc'ing Datum arrays.

+*/

+#define MaxArraySize ((Size) (MaxAllocSize / sizeof(Datum)))

+

+

+/*

  * Arrays are varlena objects, so must meet the varlena convention that

  * the first int32 of the object contains the total object size in bytes.

  * Be sure to use VARSIZE() and SET_VARSIZE() to access it, though!