From a958b07bc4533d8c80b0f10cc4a3b209002b387f Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 4 Jun 2020 16:42:08 -0400 Subject: Reject "23:59:60.nnn" in datetime input. It's intentional that we don't allow values greater than 24 hours, while we do allow "24:00:00" as well as "23:59:60" as inputs. However, the range check was miscoded in such a way that it would accept "23:59:60.nnn" with a nonzero fraction. For time or timetz, the stored result would then be greater than "24:00:00" which would fail dump/reload, not to mention possibly confusing other operations. Fix by explicitly calculating the result and making sure it does not exceed 24 hours. (This calculation is redundant with what will happen later in tm2time or tm2timetz. Maybe someday somebody will find that annoying enough to justify refactoring to avoid the duplication; but that seems too invasive for a back-patched bug fix, and the cost is probably unmeasurable anyway.) Note that this change also rejects such input as the time portion of a timestamp(tz) value. Back-patch to v10. The bug is far older, but to change this pre-v10 we'd need to ensure that the logic behaves sanely with float timestamps, which is possibly nontrivial due to roundoff considerations. Doesn't really seem worth troubling with. Per report from Christoph Berg. Discussion: https://postgr.es/m/20200520125807.GB296739@msg.df7cb.de
---
 src/backend/utils/adt/timestamp.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) (limited to 'src/backend/utils/adt/timestamp.c')
diff --git a/src/backend/utils/adt/timestamp.c b/src/backend/utils/adt/timestamp.c
index 666452d81ef..a246ffa8036 100644
--- a/src/backend/utils/adt/timestamp.c
+++ b/src/backend/utils/adt/timestamp.c
@@ -32,6 +32,7 @@
 #include "parser/scansup.h"
 #include "utils/array.h"
 #include "utils/builtins.h"
+#include "utils/date.h"
 #include "utils/datetime.h"
 #include "utils/float.h"
@@ -567,18 +568,8 @@ make_timestamp_internal(int year, int month, int day,
 date = date2j(tm.tm_year, tm.tm_mon, tm.tm_mday) - POSTGRES_EPOCH_JDATE;
- /*
- * This should match the checks in DecodeTimeOnly, except that since we're
- * dealing with a float "sec" value, we also explicitly reject NaN. (An
- * infinity input should get rejected by the range comparisons, but we
- * can't be sure how those will treat a NaN.)
- */
- if (hour < 0 || min < 0 || min > MINS_PER_HOUR - 1 ||
- isnan(sec) ||
- sec < 0 || sec > SECS_PER_MINUTE ||
- hour > HOURS_PER_DAY ||
- /* test for > 24:00:00 */
- (hour == HOURS_PER_DAY && (min > 0 || sec > 0)))
+ /* Check for time overflow */
+ if (float_time_overflows(hour, min, sec))
 ereport(ERROR,
 (errcode(ERRCODE_DATETIME_FIELD_OVERFLOW),
 errmsg("time field value out of range: %d:%02d:%02g",
@@ -586,7 +577,7 @@ make_timestamp_internal(int year, int month, int day,
 /* This should match tm2time */
 time = (((hour * MINS_PER_HOUR + min) * SECS_PER_MINUTE)
- * USECS_PER_SEC) + rint(sec * USECS_PER_SEC);
+ * USECS_PER_SEC) + (int64) rint(sec * USECS_PER_SEC);
 result = date * USECS_PER_DAY + time;
 /* check for major overflow */
-- cgit v1.2.3
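Review bot: The new comment `/* Check for time overflow */` above the `float_time_overflows(hour, min, sec)` call in the `@@ -567,18 +568,8 @@` hunk drops the rationale the removed comment carried: `sec` is a float, so NaN has to be rejected explicitly. float_time_overflows is defined outside this diff, so the call site no longer shows that NaN or infinite `sec` is screened out, presumably by the helper as the removed inline test did. That screening matters for `(int64) rint(sec * USECS_PER_SEC)` in the `@@ -586,7 +577,7 @@` hunk, because converting a NaN or out-of-range double to an integer type is undefined behaviour in C. I would keep the contract visible at the call, e.g. `/* Check for time overflow; float_time_overflows() must also reject NaN/infinite sec before the int64 conversion below */`. Both hunks cut into make_timestamp_internal, whose body starts and ends outside the diff.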