On 2020-01-06 21:00, Magnus Hagander wrote:
>> +0.5 to avoid calling OidInputFunctionCall()
>
> Or just directly using atol() instead of atoi()? Well maybe not
> directly but in a small wrapper that verifies it's not bigger than an
> unsigned?
>
> Unlike in cases where we use oidin etc, we are dealing with data that
> is "mostly trusted" here, aren't we? Meaning we could call atol() on
> it, and throw an error if it overflows, and be done with it?
> Subdirectories in the data directory aren't exactly "untrusted enduser
> data"...

Yeah, it looks like we are using strtoul() without additional error
checking in similar situations, so here is a patch doing it like that.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
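
The kind of small range-checked wrapper discussed in this thread, written out as an added example. It is not the patch attached to this message and not PostgreSQL code; the helper name `parse_oid_name` and the sample directory names are hypothetical. It assumes an OID is a 32-bit unsigned value and that directory names are plain decimal.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not a PostgreSQL function): parse a data-directory
 * subdirectory name as a 32-bit unsigned OID. Returns false for anything
 * that is not a plain decimal number in range. */
static bool
parse_oid_name(const char *name, uint32_t *oid)
{
    char *end;
    unsigned long val;

    /* strtoul() skips leading whitespace and accepts '+'/'-' ("-1" comes
     * back as ULONG_MAX without an error), so require a leading digit. */
    if (name == NULL || !isdigit((unsigned char) name[0]))
        return false;

    errno = 0;
    val = strtoul(name, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return false;   /* overflowed unsigned long, or trailing junk */
    if (val > UINT32_MAX)
        return false;   /* fits a 64-bit long but not a 32-bit OID */

    *oid = (uint32_t) val;
    return true;
}

int
main(void)
{
    /* Constructed sample names, not taken from a real cluster. */
    const char *names[] = {"16384", "4294967295", "4294967296",
                           "-1", "pgsql_tmp", "123abc"};

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
    {
        uint32_t oid = 0;

        if (parse_oid_name(names[i], &oid))
            printf("%-12s -> %u\n", names[i], (unsigned) oid);
        else
            printf("%-12s -> rejected\n", names[i]);
    }
    return 0;
}
```

With `atoi()` the same inputs above `INT_MAX` have undefined behaviour, which is why the valid OID 4294967295 needs the unsigned parse plus an explicit upper bound.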