Re: Seg-fault in format(text)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: Seg-fault in format(text)
Date: 2011-05-23 14:33:11
Message-ID: 12736.1306161191@sss.pgh.pa.us
Lists: pgsql-bugs
Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> writes:
> Testing 9.1beta:
> select format('Hello %s, %2147483648$s', 'World');
> server closed the connection unexpectedly

Yeah, same here.

>   			do
>   			{
>   				/* Treat overflowing arg position as unterminated. */
> ! 				if (arg > INT_MAX / 10)
>   					break;
>   				arg = arg * 10 + (*cp - '0');
>   				++cp;
> --- 3837,3843 ----
>   			do
>   			{
>   				/* Treat overflowing arg position as unterminated. */
> ! 				if (arg >= INT_MAX / 10)
>   					break;
>   				arg = arg * 10 + (*cp - '0');
>   				++cp;
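
Review bot: the comment above the changed test (`if (arg >= INT_MAX / 10)`) should say why `>=` is needed and what it costs. With the old `>` test, arg equal to INT_MAX / 10 passes and `arg * 10 + (*cp - '0')` can exceed INT_MAX on the addition, as with the 2147483648 in the report when int is 32 bits. With `>=`, arg stays below INT_MAX / 10, so provided *cp is a digit neither the multiply nor the add can overflow, but any position whose leading digits equal INT_MAX / 10 is now treated as unterminated even when the full number would fit in an int. If that rejection is intended, state it in the comment; if not, compare arg against `(INT_MAX - (*cp - '0')) / 10` so the bound accounts for the digit being added.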

Not sure I trust this fix to catch all cases --- seems like the addition
could still overflow.  It'd probably be better if we made this code look
like the overflow test in scanint8:

		int64		newtmp = tmp * 10 + (*ptr++ - '0');

		if ((newtmp / 10) != tmp)		/* overflow? */


			regards, tom lane
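
The guards discussed in this message, compared side by side as an added example (not code from the original message or from PostgreSQL). The function name, enum and return codes are hypothetical, the "exact" guard is a third variant not proposed in the thread, and a 32-bit int is assumed; the accumulator is 64-bit so the comparison never executes a signed int overflow.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Guard styles compared (hypothetical names, for this example only). */
enum guard { GUARD_GT, GUARD_GE, GUARD_EXACT };

/*
 * Parse the digits of a "%N$" argument position under the chosen guard.
 * Models the loop in the quoted hunk with a 64-bit accumulator.
 * Returns:
 *   1  value accepted and fits in int (stored in *out)
 *   0  input rejected (guard tripped, or no digits / no '$')
 *  -1  guard let through a value that does not fit in int
 */
int parse_position(const char *cp, enum guard g, int *out)
{
    int64_t arg = 0;

    if (*cp < '0' || *cp > '9')
        return 0;
    while (*cp >= '0' && *cp <= '9')
    {
        int digit = *cp - '0';
        int stop;

        if (g == GUARD_GT)            /* test before the patch */
            stop = arg > INT_MAX / 10;
        else if (g == GUARD_GE)       /* test after the patch */
            stop = arg >= INT_MAX / 10;
        else                          /* bound includes the digit added */
            stop = arg > (INT_MAX - digit) / 10;
        if (stop)
            return 0;
        arg = arg * 10 + digit;
        if (arg > INT_MAX)
            return -1;                /* would have overflowed an int */
        ++cp;
    }
    if (*cp != '$')
        return 0;
    *out = (int) arg;
    return 1;
}

int main(void)
{
    int v = 0;
    for (int g = GUARD_GT; g <= GUARD_EXACT; g++)
        printf("guard %d: %d\n", g, parse_position("2147483648$", g, &v));
    return 0;
}
```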
