@@ -3827,7 +3827,19 @@ text_format(PG_FUNCTION_ARGS)
38273827 * to the next one. If they have, we must parse it.
38283828 */
38293829if (* cp < '0' || * cp > '9' )
3830+ {
38303831++ arg ;
3832+ if (arg <=0 )/* overflow? */
3833+ {
3834+ /*
3835+ * Should not happen, as you can't pass billions of arguments
3836+ * to a function, but better safe than sorry.
3837+ */
3838+ ereport (ERROR ,
3839+ (errcode (ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE ),
3840+ errmsg ("argument number is out of range" )));
3841+ }
3842+ }
38313843else
38323844{
38333845bool unterminated = false;
@@ -3836,10 +3848,13 @@ text_format(PG_FUNCTION_ARGS)
38363848arg = 0 ;
38373849do
38383850{
3839- /* Treat overflowing arg position as unterminated. */
3840- if (arg > INT_MAX /10 )
3841- break ;
3842- arg = arg * 10 + (* cp - '0' );
3851+ int newarg = arg * 10 + (* cp - '0' );
3852+
3853+ if (newarg /10 != arg )/* overflow? */
3854+ ereport (ERROR ,
3855+ (errcode (ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE ),
3856+ errmsg ("argument number is out of range" )));
3857+ arg = newarg ;
38433858++ cp ;
38443859}while (cp < end_ptr && * cp >='0' && * cp <='9' );
38453860
@@ -3954,7 +3969,9 @@ text_format_string_conversion(StringInfo buf, char conversion,
39543969/*
39553970 * text_format_nv - nonvariadic wrapper for text_format function.
39563971 *
3957- * note: this wrapper is necessary to be sanity_checks test ok
3972+ * note: this wrapper is necessary to pass the sanity check in opr_sanity,
3973+ * which checks that all built-in functions that share the implementing C
3974+ * function take the same number of arguments.
39583975 */
39593976Datum
39603977text_format_nv (PG_FUNCTION_ARGS )