From 6412f3e2d09b562fafc129c134e7336c4fe790ed Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 21 Jul 2014 22:41:20 -0400 Subject: Reject out-of-range numeric timezone specifications. In commit 631dc390f49909a5c8ebd6002cfb2bcee5415a9d, we started to handle simple numeric timezone offsets via the zic library instead of the old CTimeZone/HasCTZSet kluge. However, we overlooked the fact that the zic code will reject UTC offsets exceeding a week (which seems a bit arbitrary, but not because it's too tight ...). This led to possibly setting session_timezone to NULL, which results in crashes in most timezone-related operations as of 9.4, and crashes in a small number of places even before that. So check for NULL return from pg_tzset_offset() and report an appropriate error message. Per bug #11014 from Duncan Gillis. Back-patch to all supported branches, like the previous patch. (Unfortunately, as of today that no longer includes 8.4.) --- src/backend/commands/variable.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/backend/commands/variable.c') diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index f299738d66b..40a991653d5 100644 --- a/src/backend/commands/variable.c +++ b/src/backend/commands/variable.c @@ -349,6 +349,13 @@ check_timezone(char **newval, void **extra, GucSource source) } } + /* Test for failure in pg_tzset_offset, which we assume is out-of-range */ + if (!new_tz) + { + GUC_check_errdetail("UTC timezone offset is out of range."); + return false; + } + /* * Pass back data for assign_timezone to use */ -- cgit v1.2.3