From ac3b6ac952624ded1c9aefe4f3e8a6715f4bb1d9 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Thu, 30 Dec 2021 10:26:37 +0100 Subject: [PATCH v7 5/7] Reject trailing junk after numeric literals After this, the PostgreSQL lexers no longer accept numeric literals with trailing non-digits, such as 123abc, which would be scanned as two tokens: 123 and abc. This is undocumented and surprising, and it might also interfere with some extended numeric literal syntax being contemplated for the future. Discussion: https://www.postgresql.org/message-id/flat/b239564c-cad0-b23e-c57e-166d883cb97d@enterprisedb.com --- src/backend/parser/scan.l | 32 +++++++--- src/fe_utils/psqlscan.l | 25 +++++--- src/interfaces/ecpg/preproc/pgc.l | 22 +++++++ src/test/regress/expected/numerology.out | 77 +++++++++--------------- src/test/regress/sql/numerology.sql | 1 - 5 files changed, 91 insertions(+), 66 deletions(-) diff --git a/src/backend/parser/scan.l b/src/backend/parser/scan.l index f555ac6e6d..ab24bf70db 100644 --- a/src/backend/parser/scan.l +++ b/src/backend/parser/scan.l @@ -399,7 +399,12 @@ real ({integer}|{decimal})[Ee][-+]?{digit}+ realfail1 ({integer}|{decimal})[Ee] realfail2 ({integer}|{decimal})[Ee][-+] +integer_junk {integer}{ident_start} +decimal_junk {decimal}{ident_start} +real_junk {real}{ident_start} + param \${integer} +param_junk \${integer}{ident_start} other . @@ -974,6 +979,10 @@ other . yylval->ival = atol(yytext + 1); return PARAM; } +{param_junk} { + SET_YYLLOC(); + yyerror("trailing junk after parameter"); + } {integer} { SET_YYLLOC(); @@ -996,19 +1005,24 @@ other . return FCONST; } {realfail1} { - /* - * throw back the [Ee], and figure out whether what - * remains is an {integer} or {decimal}. - */ - yyless(yyleng - 1); SET_YYLLOC(); - return process_integer_literal(yytext, yylval); + yyerror("trailing junk after numeric literal"); } {realfail2} { - /* throw back the [Ee][+-], and proceed as above */ - yyless(yyleng - 2); SET_YYLLOC(); - return process_integer_literal(yytext, yylval); + yyerror("trailing junk after numeric literal"); + } +{integer_junk} { + SET_YYLLOC(); + yyerror("trailing junk after numeric literal"); + } +{decimal_junk} { + SET_YYLLOC(); + yyerror("trailing junk after numeric literal"); + } +{real_junk} { + SET_YYLLOC(); + yyerror("trailing junk after numeric literal"); } diff --git a/src/fe_utils/psqlscan.l b/src/fe_utils/psqlscan.l index 941ed06553..0394edb15f 100644 --- a/src/fe_utils/psqlscan.l +++ b/src/fe_utils/psqlscan.l @@ -337,7 +337,12 @@ real ({integer}|{decimal})[Ee][-+]?{digit}+ realfail1 ({integer}|{decimal})[Ee] realfail2 ({integer}|{decimal})[Ee][-+] +integer_junk {integer}{ident_start} +decimal_junk {decimal}{ident_start} +real_junk {real}{ident_start} + param \${integer} +param_junk \${integer}{ident_start} /* psql-specific: characters allowed in variable names */ variable_char [A-Za-z\200-\377_0-9] @@ -839,6 +844,9 @@ other . {param} { ECHO; } +{param_junk} { + ECHO; + } {integer} { ECHO; @@ -855,17 +863,18 @@ other . ECHO; } {realfail1} { - /* - * throw back the [Ee], and figure out whether what - * remains is an {integer} or {decimal}. - * (in psql, we don't actually care...) - */ - yyless(yyleng - 1); ECHO; } {realfail2} { - /* throw back the [Ee][+-], and proceed as above */ - yyless(yyleng - 2); + ECHO; + } +{integer_junk} { + ECHO; + } +{decimal_junk} { + ECHO; + } +{real_junk} { ECHO; } diff --git a/src/interfaces/ecpg/preproc/pgc.l b/src/interfaces/ecpg/preproc/pgc.l index 39e578e868..25fb3b43b3 100644 --- a/src/interfaces/ecpg/preproc/pgc.l +++ b/src/interfaces/ecpg/preproc/pgc.l @@ -365,7 +365,12 @@ real ({integer}|{decimal})[Ee][-+]?{digit}+ realfail1 ({integer}|{decimal})[Ee] realfail2 ({integer}|{decimal})[Ee][-+] +integer_junk {integer}{ident_start} +decimal_junk {decimal}{ident_start} +real_junk {real}{ident_start} + param \${integer} +param_junk \${integer}{ident_start} /* special characters for other dbms */ /* we have to react differently in compat mode */ @@ -917,6 +922,9 @@ cppline {space}*#([^i][A-Za-z]*|{if}|{ifdef}|{ifndef}|{import})((\/\*[^*/]*\*+ base_yylval.ival = atol(yytext+1); return PARAM; } +{param_junk} { + mmfatal(PARSE_ERROR, "trailing junk after parameter"); + } {ip} { base_yylval.str = mm_strdup(yytext); @@ -957,6 +965,20 @@ cppline {space}*#([^i][A-Za-z]*|{if}|{ifdef}|{ifndef}|{import})((\/\*[^*/]*\*+ } /* */ { +/* + * Note that some trailing junk is valid in C (such as 100LL), so we contain + * this to SQL mode. + */ +{integer_junk} { + mmfatal(PARSE_ERROR, "trailing junk after numeric literal"); + } +{decimal_junk} { + mmfatal(PARSE_ERROR, "trailing junk after numeric literal"); + } +{real_junk} { + mmfatal(PARSE_ERROR, "trailing junk after numeric literal"); + } + :{identifier}((("->"|\.){identifier})|(\[{array}\]))* { base_yylval.str = mm_strdup(yytext+1); return CVARIABLE; diff --git a/src/test/regress/expected/numerology.out b/src/test/regress/expected/numerology.out index 2ffc73e854..77d4843417 100644 --- a/src/test/regress/expected/numerology.out +++ b/src/test/regress/expected/numerology.out @@ -6,64 +6,45 @@ -- Trailing junk in numeric literals -- SELECT 123abc; - abc ------ - 123 -(1 row) - +ERROR: trailing junk after numeric literal at or near "123a" +LINE 1: SELECT 123abc; + ^ SELECT 0x0o; - x0o ------ - 0 -(1 row) - +ERROR: trailing junk after numeric literal at or near "0x" +LINE 1: SELECT 0x0o; + ^ SELECT 1_2_3; - _2_3 ------- - 1 -(1 row) - +ERROR: trailing junk after numeric literal at or near "1_" +LINE 1: SELECT 1_2_3; + ^ SELECT 0.a; - a ---- - 0 -(1 row) - +ERROR: trailing junk after numeric literal at or near "0.a" +LINE 1: SELECT 0.a; + ^ SELECT 0.0a; - a ------ - 0.0 -(1 row) - +ERROR: trailing junk after numeric literal at or near "0.0a" +LINE 1: SELECT 0.0a; + ^ SELECT .0a; - a ------ - 0.0 -(1 row) - +ERROR: trailing junk after numeric literal at or near ".0a" +LINE 1: SELECT .0a; + ^ SELECT 0.0e1a; - a ---- - 0 -(1 row) - +ERROR: trailing junk after numeric literal at or near "0.0e1a" +LINE 1: SELECT 0.0e1a; + ^ SELECT 0.0e; - e ------ - 0.0 -(1 row) - +ERROR: trailing junk after numeric literal at or near "0.0e" +LINE 1: SELECT 0.0e; + ^ SELECT 0.0e+a; -ERROR: syntax error at or near "+" +ERROR: trailing junk after numeric literal at or near "0.0e+" LINE 1: SELECT 0.0e+a; - ^ + ^ PREPARE p1 AS SELECT $1a; -EXECUTE p1(1); - a ---- - 1 -(1 row) - +ERROR: trailing junk after parameter at or near "$1a" +LINE 1: PREPARE p1 AS SELECT $1a; + ^ -- -- Test implicit type conversions -- This fails for Postgres v6.1 (and earlier?) diff --git a/src/test/regress/sql/numerology.sql b/src/test/regress/sql/numerology.sql index fb75f97832..be7d6dfe0c 100644 --- a/src/test/regress/sql/numerology.sql +++ b/src/test/regress/sql/numerology.sql @@ -17,7 +17,6 @@ SELECT 0.0e; SELECT 0.0e+a; PREPARE p1 AS SELECT $1a; -EXECUTE p1(1); -- -- Test implicit type conversions -- 2.34.1