Fix overflow in parsing of positional parameter
Peter Eisentraut <peter@eisentraut.org>
Fix overflow in parsing of positional parameter Replace atol with pg_strtoint32_safe in the backend parser and with strtoint in ECPG to reject overflows when parsing the number of a positional parameter. With atol from glibc, parameters $2147483648 and $4294967297 turn into $-2147483648 and $1, respectively. Author: Erik Wienhold <ewie@ewie.name> Reviewed-by: Michael Paquier <michael@paquier.xyz> Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Alexander Lakhin <exclusion@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/5d216d1c-91f6-4cbe-95e2-b4cbd930520c@ewie.name
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/parser/scan.l | modified | +7 −1 |
| src/interfaces/ecpg/preproc/pgc.l | modified | +7 −1 |
| src/test/regress/expected/numerology.out | modified | +4 −0 |
| src/test/regress/sql/numerology.sql | modified | +1 −0 |
Discussion
- Underscore in positional parameters? 26 messages · 2024-05-14 → 2024-07-04