Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit34be83b

Browse files
committed
Fix integer overflow in text_format function, reported by Dean Rasheed.
In the passing, clarify the comment on why text_format_nv wrapper is needed.
1 parent7149b12 commit34be83b

File tree

1 file changed

+22
-5
lines changed

1 file changed

+22
-5
lines changed

‎src/backend/utils/adt/varlena.c

Lines changed: 22 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3827,7 +3827,19 @@ text_format(PG_FUNCTION_ARGS)
38273827
* to the next one. If they have, we must parse it.
38283828
*/
38293829
if (*cp<'0'||*cp>'9')
3830+
{
38303831
++arg;
3832+
if (arg <=0)/* overflow? */
3833+
{
3834+
/*
3835+
* Should not happen, as you can't pass billions of arguments
3836+
* to a function, but better safe than sorry.
3837+
*/
3838+
ereport(ERROR,
3839+
(errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
3840+
errmsg("argument number is out of range")));
3841+
}
3842+
}
38313843
else
38323844
{
38333845
boolunterminated= false;
@@ -3836,10 +3848,13 @@ text_format(PG_FUNCTION_ARGS)
38363848
arg=0;
38373849
do
38383850
{
3839-
/* Treat overflowing arg position as unterminated. */
3840-
if (arg>INT_MAX /10)
3841-
break;
3842-
arg=arg*10+ (*cp-'0');
3851+
intnewarg=arg*10+ (*cp-'0');
3852+
3853+
if (newarg /10!=arg)/* overflow? */
3854+
ereport(ERROR,
3855+
(errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
3856+
errmsg("argument number is out of range")));
3857+
arg=newarg;
38433858
++cp;
38443859
}while (cp<end_ptr&&*cp >='0'&&*cp <='9');
38453860

@@ -3954,7 +3969,9 @@ text_format_string_conversion(StringInfo buf, char conversion,
39543969
/*
39553970
* text_format_nv - nonvariadic wrapper for text_format function.
39563971
*
3957-
* note: this wrapper is necessary to be sanity_checks test ok
3972+
* note: this wrapper is necessary to pass the sanity check in opr_sanity,
3973+
* which checks that all built-in functions that share the implementing C
3974+
* function take the same number of arguments.
39583975
*/
39593976
Datum
39603977
text_format_nv(PG_FUNCTION_ARGS)

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp