Re: Seg-fault in format(text)
| From | Tom Lane |
|---|---|
| Subject | Re: Seg-fault in format(text) |
| Date | |
| Msg-id | 12736.1306161191@sss.pgh.pa.us |
| In response to | Seg-fault in format(text) (Dean Rasheed <dean.a.rasheed@gmail.com>) |
| Responses | Re: Seg-fault in format(text) |
| List | pgsql-bugs |
Dean Rasheed <dean.a.rasheed@gmail.com> writes:
> Testing 9.1beta:
> select format('Hello %s, %2147483648$s', 'World');
> server closed the connection unexpectedly
Yeah, same here.
> do
> {
> /* Treat overflowing arg position as unterminated. */
> ! if (arg > INT_MAX / 10)
> break;
> arg = arg * 10 + (*cp - '0');
> ++cp;
> --- 3837,3843 ----
> do
> {
> /* Treat overflowing arg position as unterminated. */
> ! if (arg >= INT_MAX / 10)
> break;
> arg = arg * 10 + (*cp - '0');
> ++cp;
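Review bot: the new-side test `if (arg >= INT_MAX / 10)` stops the scan for every position whose leading digits equal INT_MAX / 10, so values from (INT_MAX / 10) * 10 up to INT_MAX are treated as unterminated although they fit in an int, and the comment above the test does not mention the reduced limit. Assuming arg is a non-negative int, as the INT_MAX bound suggests, keeping it below INT_MAX / 10 leaves `arg = arg * 10 + (*cp - '0')` in range, so the check is safe but conservative. If the full range should be accepted, take the digit into account, for example `if (arg > (INT_MAX - (*cp - '0')) / 10)`; otherwise state the lower limit in the comment.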
Not sure I trust this fix to catch all cases --- seems like the addition
could still overflow. It'd probably be better if we made this code look
like the overflow test in scanint8:

    int64 newtmp = tmp * 10 + (*ptr++ - '0');
    if ((newtmp / 10) != tmp) /* overflow? */

regards, tom lane
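
The overflow checks discussed in this message, compared side by side as an added example (not code from the thread or from the PostgreSQL source). The function names are hypothetical, a 32-bit int is assumed, and the divide-back variant is adapted to unsigned arithmetic so that the wraparound it relies on is defined behaviour in C.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

enum guard { GUARD_GT, GUARD_GE, GUARD_DIGIT };

/* Scan a decimal position under one pre-multiply guard. Returns 1 = parsed,
 * 0 = guard stopped the scan, -1 = an int accumulator would have overflowed.
 * The accumulator is 64-bit so the overflow is observed, not executed. */
static int scan_guarded(const char *cp, enum guard g, int *out)
{
    int64_t arg = 0;
    if (!isdigit((unsigned char) *cp))
        return 0;
    do {
        int digit = *cp - '0';
        int stop = (g == GUARD_GT) ? (arg > INT_MAX / 10)    /* old test */
                 : (g == GUARD_GE) ? (arg >= INT_MAX / 10)   /* patched test */
                 : (arg > (INT_MAX - digit) / 10);           /* digit-aware */
        if (stop)
            return 0;
        arg = arg * 10 + digit;
        if (arg > INT_MAX)
            return -1;
        ++cp;
    } while (isdigit((unsigned char) *cp));
    *out = (int) arg;
    return 1;
}
/* Divide-back test in the style of the quoted scanint8 lines, on unsigned
 * arithmetic (assumes 32-bit int), plus an INT_MAX bound on the result. */
static int scan_divide_back(const char *cp, int *out)
{
    uint32_t tmp = 0;
    if (!isdigit((unsigned char) *cp))
        return 0;
    do {
        uint32_t newtmp = tmp * 10 + (uint32_t) (*cp++ - '0');
        if (newtmp / 10 != tmp || newtmp > (uint32_t) INT_MAX)
            return 0;
        tmp = newtmp;
    } while (isdigit((unsigned char) *cp));
    *out = (int) tmp;
    return 1;
}
int main(void)
{
    int v = 0;  /* input below is the position from the report */
    printf("%d\n", scan_guarded("2147483648", GUARD_GT, &v));
    return 0;
}
```

A result of -1 marks the inputs for which a plain int accumulator would have executed the overflowing multiply-add; 0 means the scan stopped first.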