diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2022-12-21 17:51:50 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2022-12-21 17:51:50 -0500 |
| commit | f489b480f4aa8b4db4858a7bef1b42c984992c8a (patch) | |
| tree | 6eac6eeb118c6a7cd3c54a8f585bc8df7b3556ba /contrib | |
| parent | ea5ae4cae6a230e048f0ff4587b54d441712c6fd (diff) | |
| download | postgresql-f489b480f4aa8b4db4858a7bef1b42c984992c8a.tar.gz postgresql-f489b480f4aa8b4db4858a7bef1b42c984992c8a.zip | |
Fix contrib/seg to be more wary of long input numbers.
seg stores the number of significant digits in an input number
in a "char" field. If char is signed, and the input is more than
127 digits long, the count can read out as negative causing
seg_out() to print garbage (or, if you're really unlucky,
even crash).
To fix, clamp the digit count to be not more than FLT_DIG.
(In theory this loses some information about what the original
input was, but it doesn't seem like useful information; it would
not survive dump/restore in any case.)
Also, in case there are stored values of the seg type containing
bad data, add a clamp in seg_out's restore() subroutine.
Per bug #17725 from Robins Tharakan. It's been like this
forever, so back-patch to all supported branches.
Discussion: https://postgr.es/m/17725-0a09313b67fbe86e@postgresql.org
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/seg/expected/seg.out | 7 | ||||
| -rw-r--r-- | contrib/seg/seg.c | 8 | ||||
| -rw-r--r-- | contrib/seg/segparse.y | 22 | ||||
| -rw-r--r-- | contrib/seg/sql/seg.sql | 3 |
4 files changed, 33 insertions, 7 deletions
diff --git a/contrib/seg/expected/seg.out b/contrib/seg/expected/seg.out index e617dd7e299..2320464dd47 100644 --- a/contrib/seg/expected/seg.out +++ b/contrib/seg/expected/seg.out @@ -256,6 +256,13 @@ SELECT '12.34567890123456'::seg AS seg; 12.3457 (1 row) +-- Same, with a very long input +SELECT '12.3456789012345600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'::seg AS seg; + seg +--------- + 12.3457 +(1 row) + -- Numbers with certainty indicators SELECT '~6.5'::seg AS seg; seg diff --git a/contrib/seg/seg.c b/contrib/seg/seg.c index 4a8e2be3290..91b8a796004 100644 --- a/contrib/seg/seg.c +++ b/contrib/seg/seg.c @@ -927,9 +927,13 @@ restore(char *result, float val, int n) /* * Put a cap on the number of significant digits to avoid garbage in the - * output and ensure we don't overrun the result buffer. + * output and ensure we don't overrun the result buffer. (n should not be + * negative, but check to protect ourselves against corrupted data.) */ - n = Min(n, FLT_DIG); + if (n <= 0) + n = FLT_DIG; + else + n = Min(n, FLT_DIG); /* remember the sign */ sign = (val < 0 ? 1 : 0); diff --git a/contrib/seg/segparse.y b/contrib/seg/segparse.y index 040cab39041..3115b12ebd4 100644 --- a/contrib/seg/segparse.y +++ b/contrib/seg/segparse.y @@ -3,6 +3,7 @@ #include "postgres.h" +#include <float.h> #include <math.h> #include "fmgr.h" @@ -23,6 +24,8 @@ static float seg_atof(const char *value); +static int sig_digits(const char *value); + static char strbuf[25] = { '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', @@ -63,9 +66,9 @@ range: boundary PLUMIN deviation result->lower = $1.val - $3.val; result->upper = $1.val + $3.val; sprintf(strbuf, "%g", result->lower); - result->l_sigd = Max(Min(6, significant_digits(strbuf)), Max($1.sigd, $3.sigd)); + result->l_sigd = Max(sig_digits(strbuf), Max($1.sigd, $3.sigd)); sprintf(strbuf, "%g", result->upper); - result->u_sigd = Max(Min(6, significant_digits(strbuf)), Max($1.sigd, $3.sigd)); + result->u_sigd = Max(sig_digits(strbuf), Max($1.sigd, $3.sigd)); result->l_ext = '\0'; result->u_ext = '\0'; } @@ -122,7 +125,7 @@ boundary: SEGFLOAT float val = seg_atof($1); $$.ext = '\0'; - $$.sigd = significant_digits($1); + $$.sigd = sig_digits($1); $$.val = val; } | EXTENSION SEGFLOAT @@ -131,7 +134,7 @@ boundary: SEGFLOAT float val = seg_atof($2); $$.ext = $1[0]; - $$.sigd = significant_digits($2); + $$.sigd = sig_digits($2); $$.val = val; } ; @@ -142,7 +145,7 @@ deviation: SEGFLOAT float val = seg_atof($1); $$.ext = '\0'; - $$.sigd = significant_digits($1); + $$.sigd = sig_digits($1); $$.val = val; } ; @@ -159,5 +162,14 @@ seg_atof(const char *value) return DatumGetFloat4(datum); } +static int +sig_digits(const char *value) +{ + int n = significant_digits(value); + + /* Clamp, to ensure value will fit in sigd fields */ + return Min(n, FLT_DIG); +} + #include "segscan.c" diff --git a/contrib/seg/sql/seg.sql b/contrib/seg/sql/seg.sql index 6fe33e90e4e..a027d4de97e 100644 --- a/contrib/seg/sql/seg.sql +++ b/contrib/seg/sql/seg.sql @@ -60,6 +60,9 @@ SELECT '3.400e5'::seg AS seg; -- Digits truncated SELECT '12.34567890123456'::seg AS seg; +-- Same, with a very long input +SELECT '12.3456789012345600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'::seg AS seg; + -- Numbers with certainty indicators SELECT '~6.5'::seg AS seg; SELECT '<6.5'::seg AS seg; |