Detect buffer underflow in get_th()

Peter Eisentraut <peter@eisentraut.org>

Commit: c61d51d50006a2a7bfe25d62ea0677e318febedc
Author: Peter Eisentraut <peter@eisentraut.org>
Date: 2025-08-18T09:03:22Z
Detect buffer underflow in get_th()

Input with zero length can result in a buffer underflow when
accessing *(num + (len - 1)), as (len - 1) would produce a negative
index.  Add an assertion for zero-length input to prevent it.

This was found by ALT Linux Team.

Reviewing the call sites shows that get_th() currently cannot be
applied to an empty string: it is always called on a string containing
a number we've just printed.  Therefore, an assertion rather than a
user-facing error message is sufficient.

Co-authored-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Discussion: https://www.postgresql.org/message-id/flat/e22df993-cdb4-4d0a-b629-42211ebed582@altlinux.org

Files

PathChange+/−
src/backend/utils/adt/formatting.c modified +2 −0

Discussion