From a76cfba663ceab79b891cc81a5f941051755b3b0 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Mon, 5 Aug 2019 15:35:16 +0900 Subject: [PATCH] Add safeguards in LSN, numeric and float calculation for custom errors MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Those data types use parsing and/or calculation wrapper routines which can generate some generic error messages in the event of a failure. The caller of these routines can also pass a pointer variable settable by the routine to track if an error has happened, letting the caller decide what to do in the event of an error and what error message to generate. Those routines have been slacking the initialization of the tracking flag, which can be confusing when reading the code, so add some safeguards against calls of these parsing routines which could lead to a dubious result. The LSN parsing gains an assertion to make sure that the tracking flag is set, while numeric and float paths initialize the flag to a saner state. Author: Jeevan Ladhe Reviewed-by: Álvaro Herrera, Michael Paquier Discussion: https://postgr.es/m/CAOgcT0NOM9oR0Hag_3VpyW0uF3iCU=BDUFSPfk9JrWXRcWQHqw@mail.gmail.com --- src/backend/utils/adt/float.c | 20 +++++++++++++------- src/backend/utils/adt/numeric.c | 12 ++++++++++++ src/backend/utils/adt/pg_lsn.c | 3 +++ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/src/backend/utils/adt/float.c b/src/backend/utils/adt/float.c index 7540ca22ef..77a5d7d42f 100644 --- a/src/backend/utils/adt/float.c +++ b/src/backend/utils/adt/float.c @@ -337,7 +337,7 @@ float8in(PG_FUNCTION_ARGS) } /* Convenience macro: set *have_error flag (if provided) or throw error */ -#define RETURN_ERROR(throw_error) \ +#define RETURN_ERROR(throw_error, have_error) \ do { \ if (have_error) { \ *have_error = true; \ @@ -376,6 +376,9 @@ float8in_internal_opt_error(char *num, char **endptr_p, double val; char *endptr; + if (have_error) + *have_error = false; + /* skip leading whitespace */ while (*num != '\0' && isspace((unsigned char) *num)) num++; @@ -388,7 +391,8 @@ float8in_internal_opt_error(char *num, char **endptr_p, RETURN_ERROR(ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg("invalid input syntax for type %s: \"%s\"", - type_name, orig_string)))); + type_name, orig_string))), + have_error); errno = 0; val = strtod(num, &endptr); @@ -463,9 +467,9 @@ float8in_internal_opt_error(char *num, char **endptr_p, errnumber[endptr - num] = '\0'; RETURN_ERROR(ereport(ERROR, (errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE), - errmsg("\"%s\" is out of range for " - "type double precision", - errnumber)))); + errmsg("\"%s\" is out of range for type double precision", + errnumber))), + have_error); } } else @@ -473,7 +477,8 @@ float8in_internal_opt_error(char *num, char **endptr_p, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg("invalid input syntax for type " "%s: \"%s\"", - type_name, orig_string)))); + type_name, orig_string))), + have_error); } #ifdef HAVE_BUGGY_SOLARIS_STRTOD else @@ -500,7 +505,8 @@ float8in_internal_opt_error(char *num, char **endptr_p, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg("invalid input syntax for type " "%s: \"%s\"", - type_name, orig_string)))); + type_name, orig_string))), + have_error); return val; } diff --git a/src/backend/utils/adt/numeric.c b/src/backend/utils/adt/numeric.c index 201784bbf6..a00db3ce7a 100644 --- a/src/backend/utils/adt/numeric.c +++ b/src/backend/utils/adt/numeric.c @@ -2605,6 +2605,9 @@ numeric_div_opt_error(Numeric num1, Numeric num2, bool *have_error) Numeric res; int rscale; + if (have_error) + *have_error = false; + /* * Handle NaN */ @@ -2721,6 +2724,9 @@ numeric_mod_opt_error(Numeric num1, Numeric num2, bool *have_error) NumericVar arg2; NumericVar result; + if (have_error) + *have_error = false; + if (NUMERIC_IS_NAN(num1) || NUMERIC_IS_NAN(num2)) return make_result(&const_nan); @@ -3207,6 +3213,9 @@ numeric_int4_opt_error(Numeric num, bool *have_error) NumericVar x; int32 result; + if (have_error) + *have_error = false; + /* XXX would it be better to return NULL? */ if (NUMERIC_IS_NAN(num)) { @@ -6249,6 +6258,9 @@ make_result_opt_error(const NumericVar *var, bool *have_error) int n; Size len; + if (have_error) + *have_error = false; + if (sign == NUMERIC_NAN) { result = (Numeric) palloc(NUMERIC_HDRSZ_SHORT); diff --git a/src/backend/utils/adt/pg_lsn.c b/src/backend/utils/adt/pg_lsn.c index b4c6c2309c..728892e709 100644 --- a/src/backend/utils/adt/pg_lsn.c +++ b/src/backend/utils/adt/pg_lsn.c @@ -34,6 +34,9 @@ pg_lsn_in_internal(const char *str, bool *have_error) off; XLogRecPtr result; + Assert(have_error != NULL); + *have_error = false; + /* Sanity check input format. */ len1 = strspn(str, "0123456789abcdefABCDEF"); if (len1 < 1 || len1 > MAXPG_LSNCOMPONENT || str[len1] != '/') -- 2.40.0