From: Robert Haas <rhaas@postgresql.org>
Date: Wed, 30 Dec 2009 01:29:22 +0000 (+0000)
Subject: Reject invalid input in int2vectorin.
X-Git-Tag: REL9_0_ALPHA4~394
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3d4b0ab29cfee7cbb9932065216b58b6c820a791;p=postgresql

Reject invalid input in int2vectorin.

Since the int2vector type is intended only for internal use, this patch doesn't
worry about prettifying the error messages, which has the fringe benefit of
avoiding creating additional translatable strings.  For a type intended to be
used by end-users, we would want to do better, but the approach taken here
seems like the correct trade-off for this case.

Caleb Welton
---

diff --git a/src/backend/utils/adt/int.c b/src/backend/utils/adt/int.c
index 66cbca7079..18755894ae 100644
--- a/src/backend/utils/adt/int.c
+++ b/src/backend/utils/adt/int.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/int.c,v 1.86 2009/09/04 11:20:22 heikki Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/int.c,v 1.87 2009/12/30 01:29:22 rhaas Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -146,10 +146,11 @@ int2vectorin(PG_FUNCTION_ARGS)
 
 	for (n = 0; *intString && n < FUNC_MAX_ARGS; n++)
 	{
-		if (sscanf(intString, "%hd", &result->values[n]) != 1)
-			break;
 		while (*intString && isspace((unsigned char) *intString))
 			intString++;
+		if (*intString == '\0')
+			break;		
+		result->values[n] = pg_atoi(intString, sizeof(int16), ' ');
 		while (*intString && !isspace((unsigned char) *intString))
 			intString++;
 	}