| From: | a(dot)imamov(at)postgrespro(dot)ru |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Potential issue in ecpg-informix decimal converting functions |
| Date: | 2024-02-22 16:54:37 |
| Message-ID: | 54d2b53327516d9454daa5fb2f893bdc@postgrespro.ru |
| Lists: | pgsql-hackers |
Hi, everyone!
I found a potential bug in dectoint() and dectolong() functions from
informix.c. "Informix Compatibility Mode" doc chapter says that
ECPG_INFORMIX_NUM_OVERFLOW is returned if an overflow occurred. But
check this line in dectoint() or dectolong() (it is present in both):
if (ret == PGTYPES_NUM_OVERFLOW) - condition is always
false because PGTYPESnumeric_to_int() and PGTYPESnumeric_to_long()
functions return only 0 or -1. So ECPG_INFORMIX_NUM_OVERFLOW can never
be returned.
I think dectoint(), dectolong() and PGTYPESnumeric_to_int() functions
should be a little bit different, as in the proposed patch.
What do you think?
The flaw was caught with the help of the Svace static analyzer.
https://svace.pages.ispras.ru/svace-website/en/
Thank you!
| Attachment | Content-Type | Size |
|---|---|---|
| informix_convert_from_decimal.patch | text/x-diff | 5.7 KB |
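
The dead check described in the message, modelled as an added example that is not part of the original e-mail and is not the attached patch. All `demo_*` functions and `DEMO_*` constants are hypothetical stand-ins with values chosen for the example, and the model assumes the converter leaves the failure reason in `errno`.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Values assumed for this example only. */
#define DEMO_NUM_OVERFLOW 301               /* stands in for PGTYPES_NUM_OVERFLOW */
#define DEMO_INFORMIX_NUM_OVERFLOW (-1200)  /* stands in for ECPG_INFORMIX_NUM_OVERFLOW */

/* Converter contract as the report describes it: the return value is only
 * 0 or -1. Assumption of this example: the reason is stored in errno. */
static int demo_numeric_to_int(long long v, int *out)
{
    if (v < -INT_MAX || v > INT_MAX) {
        errno = DEMO_NUM_OVERFLOW;
        return -1;
    }
    *out = (int) v;
    return 0;
}

/* Pattern from the report: the 0/-1 status is compared with the overflow code. */
int demo_dectoint_dead_check(long long v, int *out)
{
    int ret = demo_numeric_to_int(v, out);
    if (ret == DEMO_NUM_OVERFLOW)           /* never true: ret is 0 or -1 */
        ret = DEMO_INFORMIX_NUM_OVERFLOW;
    return ret;
}

/* One possible correction: test the status, then look at errno for the cause. */
int demo_dectoint_checked(long long v, int *out)
{
    int ret;
    errno = 0;
    ret = demo_numeric_to_int(v, out);
    if (ret != 0 && errno == DEMO_NUM_OVERFLOW)
        ret = DEMO_INFORMIX_NUM_OVERFLOW;
    return ret;
}

int main(void)
{
    int out = 0;
    long long big = (long long) INT_MAX + 1;   /* constructed out-of-range input */
    printf("dead check: %d\n", demo_dectoint_dead_check(big, &out));
    printf("checked:    %d\n", demo_dectoint_checked(big, &out));
    return 0;
}
```

With the dead check, a caller that tests only for the documented overflow code sees a generic -1 and cannot tell an overflow from any other failure.
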