Prevent datebsearch() from crashing on base == NULL && nel == 0.
authorTom Lane <tgl@sss.pgh.pa.us>
Wed, 11 May 2011 00:36:22 +0000 (20:36 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Wed, 11 May 2011 00:37:26 +0000 (20:37 -0400)
Normally nel == 0 works okay because the initial value of "last" will be
less than "base"; but if "base" is zero then the calculation wraps around
and we have a very large (unsigned) value for "last", so that the loop can
be entered and we get a SIGSEGV on a bogus pointer.

This is certainly the proximate cause of the recent reports of Windows
builds crashing on 'infinity'::timestamp --- evidently, they're either not
setting an active timezonetktbl, or setting an empty one.  It's not yet
clear to me why it's only happening on Windows and not happening on any
buildfarm member.  But even if that's due to some bug elsewhere, it seems
wise for this function to not choke on the powerup values of
timezonetktbl/sztimezonetktbl.

I also changed the copy of this code in ecpglib, although I am not sure
whether it's exposed to a similar hazard.

Per report and stack trace from Richard Broersma.

src/backend/utils/adt/datetime.c
src/interfaces/ecpg/pgtypeslib/dt_common.c

index db0a6487acffef00013951a9e0ac5e85abf418c8..0a12a9b2e175a2acd7d13d0c877ed4ce2b533dc0 100644 (file)
@@ -3569,24 +3569,27 @@ DateTimeParseError(int dterr, const char *str, const char *datatype)
 static const datetkn *
 datebsearch(const char *key, const datetkn *base, int nel)
 {
-       const datetkn *last = base + nel - 1,
-                          *position;
-       int                     result;
-
-       while (last >= base)
+       if (nel > 0)
        {
-               position = base + ((last - base) >> 1);
-               result = key[0] - position->token[0];
-               if (result == 0)
+               const datetkn *last = base + nel - 1,
+                                  *position;
+               int                     result;
+
+               while (last >= base)
                {
-                       result = strncmp(key, position->token, TOKMAXLEN);
+                       position = base + ((last - base) >> 1);
+                       result = key[0] - position->token[0];
                        if (result == 0)
-                               return position;
+                       {
+                               result = strncmp(key, position->token, TOKMAXLEN);
+                               if (result == 0)
+                                       return position;
+                       }
+                       if (result < 0)
+                               last = position - 1;
+                       else
+                               base = position + 1;
                }
-               if (result < 0)
-                       last = position - 1;
-               else
-                       base = position + 1;
        }
        return NULL;
 }
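Review bot: The narrowing step `last = position - 1` can still form a pointer one element before the table when the key sorts ahead of the first entry, and the `while (last >= base)` exit test depends on comparing that pointer. The `nel > 0` guard removes only the empty-table case of the wraparound the commit message describes. Forming a pointer before the start of an array is undefined in C, even though it behaves as intended on the usual flat-address platforms. Tracking the search window as integer indexes, as sketched below, avoids out-of-range pointer arithmetic entirely and makes the guard unnecessary, because an empty table never enters the loop. The ecpg copy in dt_common.c has the same loop; its index variables would be `unsigned int` to match `nel`.

```c
static const datetkn *
datebsearch(const char *key, const datetkn *base, int nel)
{
	int			lo = 0;
	int			hi = nel;		/* half-open window [lo, hi); empty when nel <= 0 */

	while (lo < hi)
	{
		int			mid = lo + ((hi - lo) >> 1);
		const datetkn *position = base + mid;
		int			result;

		/* … unchanged: first-character precheck, then strncmp(), return position on match … */
		if (result < 0)
			hi = mid;
		else
			lo = mid + 1;
	}
	return NULL;
}
```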
index da3224aae3176d1e3c6d305f461843273225e0b4..45f1f8affd578ee18824a582c5e9873121e79f12 100644 (file)
@@ -512,24 +512,27 @@ char         *pgtypes_date_months[] = {"January", "February", "March", "April", "May"
 static datetkn *
 datebsearch(char *key, datetkn *base, unsigned int nel)
 {
-       datetkn    *last = base + nel - 1,
-                          *position;
-       int                     result;
-
-       while (last >= base)
+       if (nel > 0)
        {
-               position = base + ((last - base) >> 1);
-               result = key[0] - position->token[0];
-               if (result == 0)
+               datetkn    *last = base + nel - 1,
+                                  *position;
+               int                     result;
+
+               while (last >= base)
                {
-                       result = strncmp(key, position->token, TOKMAXLEN);
+                       position = base + ((last - base) >> 1);
+                       result = key[0] - position->token[0];
                        if (result == 0)
-                               return position;
+                       {
+                               result = strncmp(key, position->token, TOKMAXLEN);
+                               if (result == 0)
+                                       return position;
+                       }
+                       if (result < 0)
+                               last = position - 1;
+                       else
+                               base = position + 1;
                }
-               if (result < 0)
-                       last = position - 1;
-               else
-                       base = position + 1;
        }
        return NULL;
 }
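Review bot: The new `if (nel > 0)` guard carries no comment, so it reads as redundant with `while (last >= base)` and could be dropped in a later cleanup. A line above the guard such as `/* nel == 0 may arrive with base == NULL; base - 1 would then wrap and the loop would run on a bogus pointer */` records why it is there. The commit message says it is unclear whether this ecpg copy can be reached with an empty table, so the comment could say the check is defensive here. The backend copy in datetime.c would benefit from the same comment.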