From: | a(dot)imamov(at)postgrespro(dot)ru |
---|---|
To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Potential issue in ecpg-informix decimal converting functions |
Date: | 2024-02-22 16:54:37 |
Message-ID: | 54d2b53327516d9454daa5fb2f893bdc@postgrespro.ru |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi, everyone!
I found a potential bug in dectoint() and dectolong() functions from
informix.c. "Informix Compatibility Mode" doc chapter says that
ECPG_INFORMIX_NUM_OVERFLOW is returned if an overflow occurred. But
check this line in dectoint() or dectolong() (it is present in both):
if (ret == PGTYPES_NUM_OVERFLOW) - condition is always
false because PGTYPESnumeric_to_int() and PGTYPESnumeric_to_long()
functions return only 0 or -1. So ECPG_INFORMIX_NUM_OVERFLOW can never
be returned.
I think dectoint(), dectolong() and PGTYPESnumeric_to_int() functions
should be a little bit different like in proposing patch.
What do you think?
The flaw was catched with the help of Svace static analyzer.
https://svace.pages.ispras.ru/svace-website/en/
Thank you!
Attachment | Content-Type | Size |
---|---|---|
informix_convert_from_decimal.patch | text/x-diff | 5.7 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Heikki Linnakangas | 2024-02-22 17:02:51 | Re: Experiments with Postgres and SSL |
Previous Message | Tomas Vondra | 2024-02-22 16:36:00 | Re: Sequence Access Methods, round two |