Potential issue in ecpg-informix decimal converting functions

From: a(dot)imamov(at)postgrespro(dot)ru
To: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Potential issue in ecpg-informix decimal converting functions
Date: 2024-02-22 16:54:37
Message-ID: 54d2b53327516d9454daa5fb2f893bdc@postgrespro.ru
Lists: pgsql-hackers

Hi, everyone!

I found a potential bug in the dectoint() and dectolong() functions from
informix.c. The "Informix Compatibility Mode" doc chapter says that
ECPG_INFORMIX_NUM_OVERFLOW is returned if an overflow occurred. But
check this line in dectoint() or dectolong() (it is present in both):
if (ret == PGTYPES_NUM_OVERFLOW) - the condition is always
false because the PGTYPESnumeric_to_int() and PGTYPESnumeric_to_long()
functions return only 0 or -1. So ECPG_INFORMIX_NUM_OVERFLOW can never
be returned.

I think the dectoint(), dectolong() and PGTYPESnumeric_to_int() functions
should be a little bit different, as in the proposed patch.
What do you think?

The flaw was caught with the help of the Svace static analyzer.
https://svace.pages.ispras.ru/svace-website/en/

Thank you!

Attachment Content-Type Size
informix_convert_from_decimal.patch text/x-diff 5.7 KB
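
The dead overflow check described in the message above, reduced to a stand-alone model (an added example, not code from the message, the attached patch or the PostgreSQL tree). All `demo_*` names and the `DEMO_*` values are hypothetical stand-ins, and the model assumes the converter reports the failure reason through errno while returning only 0 or -1.

```c
#include <errno.h>
#include <limits.h>

/* Stand-in codes for this example only; not read from the ecpg headers. */
#define DEMO_NUM_OVERFLOW      301
#define DEMO_INFORMIX_OVERFLOW (-1200)

/* Model of a converter that returns only 0 or -1, as the message describes.
 * Assumption: the reason for a failure is left in errno. */
static int demo_numeric_to_int(long long value, int *out)
{
    if (value > INT_MAX || value < INT_MIN)
    {
        errno = DEMO_NUM_OVERFLOW;
        return -1;
    }
    *out = (int) value;
    return 0;
}

/* Pattern from the message: the return value is compared with the overflow
 * code, but it can only be 0 or -1, so the branch is never taken and the
 * caller sees a generic -1 instead of the documented overflow code. */
int demo_dectoint_before(long long value, int *out)
{
    int ret = demo_numeric_to_int(value, out);

    if (ret == DEMO_NUM_OVERFLOW)   /* always false */
        return DEMO_INFORMIX_OVERFLOW;
    return ret;
}

/* One possible correction: on failure, look at errno, which is where the
 * model's converter actually stores the overflow code. */
int demo_dectoint_after(long long value, int *out)
{
    int ret;

    errno = 0;
    ret = demo_numeric_to_int(value, out);
    if (ret == -1 && errno == DEMO_NUM_OVERFLOW)
        return DEMO_INFORMIX_OVERFLOW;
    return ret;
}
```
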
