NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit6e5a39c

committed

Reject out-of-range numeric timezone specifications.

In commit631dc39, we started to handlesimple numeric timezone offsets via the zic library instead of the oldCTimeZone/HasCTZSet kluge. However, we overlooked the fact that the ziccode will reject UTC offsets exceeding a week (which seems a bit arbitrary,but not because it's too tight ...). This led to possibly settingsession_timezone to NULL, which results in crashes in most timezone-relatedoperations as of 9.4, and crashes in a small number of places even beforethat. So check for NULL return from pg_tzset_offset() and report anappropriate error message. Per bug #11014 from Duncan Gillis.Back-patch to all supported branches, like the previous patch.(Unfortunately, as of today that no longer includes 8.4.)

1 parent391aa8a commit6e5a39cCopy full SHA for 6e5a39c

File tree

2 files changed

+37

-11

lines changed

src
- backend/commands
  - variable.c
- timezone
  - pgtz.c

2 files changed

+37

-11

lines changed

`‎src/backend/commands/variable.c`

Lines changed: 34 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -241,6 +241,8 @@ assign_timezone(const char *value, bool doit, GucSource source)`
`241`	`241`	`char*result;`
`242`	`242`	`char*endptr;`
`243`	`243`	`doublehours;`
	`244`	`+intnew_ctimezone;`
	`245`	`+pg_tz*new_tz;`
`244`	`246`
`245`	`247`	`/*`
`246`	`248`	`* Check for INTERVAL 'foo'`
`@@ -294,16 +296,28 @@ assign_timezone(const char *value, bool doit, GucSource source)`
`294`	`296`	`pfree(interval);`
`295`	`297`	`returnNULL;`
`296`	`298`	`}`
`297`		`-if (doit)`
`298`		`-{`
`299`		`-/* Here we change from SQL to Unix sign convention */`
	`299`	`+`
	`300`	`+/* Here we change from SQL to Unix sign convention */`
`300`	`301`	`#ifdefHAVE_INT64_TIMESTAMP`
`301`		`-CTimeZone=-(interval->time /USECS_PER_SEC);`
	`302`	`+new_ctimezone=-(interval->time /USECS_PER_SEC);`
`302`	`303`	`#else`
`303`		`-CTimeZone=-interval->time;`
	`304`	`+new_ctimezone=-interval->time;`
`304`	`305`	`#endif`
`305`		`-session_timezone=pg_tzset_offset(CTimeZone);`
	`306`	`+new_tz=pg_tzset_offset(new_ctimezone);`
`306`	`307`
	`308`	`+if (!new_tz)`
	`309`	`+{`
	`310`	`+ereport(GUC_complaint_elevel(source),`
	`311`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`312`	`+errmsg("invalid interval value for time zone: out of range")));`
	`313`	`+pfree(interval);`
	`314`	`+returnNULL;`
	`315`	`+}`
	`316`	`+`
	`317`	`+if (doit)`
	`318`	`+{`
	`319`	`+CTimeZone=new_ctimezone;`
	`320`	`+session_timezone=new_tz;`
`307`	`321`	`HasCTZSet= true;`
`308`	`322`	`}`
`309`	`323`	`pfree(interval);`
`@@ -316,11 +330,22 @@ assign_timezone(const char *value, bool doit, GucSource source)`
`316`	`330`	`hours=strtod(value,&endptr);`
`317`	`331`	`if (endptr!=value&&*endptr=='\0')`
`318`	`332`	`{`
	`333`	`+/* Here we change from SQL to Unix sign convention */`
	`334`	`+new_ctimezone=-hours*SECS_PER_HOUR;`
	`335`	`+new_tz=pg_tzset_offset(new_ctimezone);`
	`336`	`+`
	`337`	`+if (!new_tz)`
	`338`	`+{`
	`339`	`+ereport(GUC_complaint_elevel(source),`
	`340`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`341`	`+errmsg("invalid value for time zone: out of range")));`
	`342`	`+returnNULL;`
	`343`	`+}`
	`344`	`+`
`319`	`345`	`if (doit)`
`320`	`346`	`{`
`321`		`-/* Here we change from SQL to Unix sign convention */`
`322`		`-CTimeZone=-hours*SECS_PER_HOUR;`
`323`		`-session_timezone=pg_tzset_offset(CTimeZone);`
	`347`	`+CTimeZone=new_ctimezone;`
	`348`	`+session_timezone=new_tz;`
`324`	`349`	`HasCTZSet= true;`
`325`	`350`	`}`
`326`	`351`	`}`
`@@ -352,8 +377,6 @@ assign_timezone(const char *value, bool doit, GucSource source)`
`352`	`377`	`/*`
`353`	`378`	`* Otherwise assume it is a timezone name, and try to load it.`
`354`	`379`	`*/`
`355`		`-pg_tz*new_tz;`
`356`		`-`
`357`	`380`	`new_tz=pg_tzset(value);`
`358`	`381`
`359`	`382`	`if (!new_tz)`

`‎src/timezone/pgtz.c`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1333,6 +1333,9 @@ pg_tzset(const char *name)`
`1333`	`1333`	`* The GMT offset is specified in seconds, positive values meaning west of`
`1334`	`1334`	`* Greenwich (ie, POSIX not ISO sign convention). However, we use ISO`
`1335`	`1335`	`* sign convention in the displayable abbreviation for the zone.`
	`1336`	`+ *`
	`1337`	`+ * Caution: this can fail (return NULL) if the specified offset is outside`
	`1338`	`+ * the range allowed by the zic library.`
`1336`	`1339`	`*/`
`1337`	`1340`	`pg_tz*`
`1338`	`1341`	`pg_tzset_offset(longgmtoffset)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6e5a39c

File tree

2 files changed

2 files changed

`‎src/backend/commands/variable.c`

`‎src/timezone/pgtz.c`

0 commit comments