Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit6d3a9a6

Browse files
committed
Fix corner case bug in numeric to_char() some more.
The band-aid applied in commitf0bedf3 turns out to still needsome work: it made sure we didn't set Np->last_relevant too small(to the left of the decimal point), but it didn't prevent settingit too large (off the end of the partially-converted string).This could result in fetching data beyond the end of the allocatedspace, which with very bad luck could cause a SIGSEGV, thoughI don't see any hazard of interesting memory disclosure.Per bug #17839 from Thiago Nunes. The bug's pretty ancient,so back-patch to all supported versions.Discussion:https://postgr.es/m/17839-aada50db24d7b0da@postgresql.org
1 parentc25a929 commit6d3a9a6

File tree

3 files changed

+16
-2
lines changed

3 files changed

+16
-2
lines changed

‎src/backend/utils/adt/formatting.c

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4983,13 +4983,20 @@ NUM_processor(FormatNode *node, NUMDesc *Num, char *inout,
49834983

49844984
/*
49854985
* If any '0' specifiers are present, make sure we don't strip
4986-
* those digits.
4986+
* those digits. But don't advance last_relevant beyond the last
4987+
* character of the Np->number string, which is a hazard if the
4988+
* number got shortened due to precision limitations.
49874989
*/
49884990
if (Np->last_relevant&&Np->Num->zero_end>Np->out_pre_spaces)
49894991
{
4992+
intlast_zero_pos;
49904993
char*last_zero;
49914994

4992-
last_zero=Np->number+ (Np->Num->zero_end-Np->out_pre_spaces);
4995+
/* note that Np->number cannot be zero-length here */
4996+
last_zero_pos=strlen(Np->number)-1;
4997+
last_zero_pos=Min(last_zero_pos,
4998+
Np->Num->zero_end-Np->out_pre_spaces);
4999+
last_zero=Np->number+last_zero_pos;
49935000
if (Np->last_relevant<last_zero)
49945001
Np->last_relevant=last_zero;
49955002
}

‎src/test/regress/expected/numeric.out

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1266,6 +1266,12 @@ SELECT '' AS to_char_26, to_char('100'::numeric, 'FM999');
12661266
| 100
12671267
(1 row)
12681268

1269+
SELECT to_char('12345678901'::float8, 'FM9999999999D9999900000000000000000');
1270+
to_char
1271+
-----------------
1272+
##########.####
1273+
(1 row)
1274+
12691275
-- Check parsing of literal text in a format string
12701276
SELECT '' AS to_char_27, to_char('100'::numeric, 'foo999');
12711277
to_char_27 | to_char

‎src/test/regress/sql/numeric.sql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -799,6 +799,7 @@ SELECT '' AS to_char_23, to_char(val, '9.999EEEE')FROM num_data;
799799
SELECT''AS to_char_24, to_char('100'::numeric,'FM999.9');
800800
SELECT''AS to_char_25, to_char('100'::numeric,'FM999.');
801801
SELECT''AS to_char_26, to_char('100'::numeric,'FM999');
802+
SELECT to_char('12345678901'::float8,'FM9999999999D9999900000000000000000');
802803

803804
-- Check parsing of literal text in a format string
804805
SELECT''AS to_char_27, to_char('100'::numeric,'foo999');

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp