Thread
Commits
-
Guard against overflow in interval_mul() and interval_div().
- f499d2b20b42 12.18 landed
- 428770aadca9 13.14 landed
- 2ffcebdba4cf 14.11 landed
- 2851aa7d1fc3 15.6 landed
- 72d0c135bd7a 16.2 landed
- b218fbb7a35f 17.0 landed
-
BUG #18200: Undefined behaviour in interval_div
The Post Office <noreply@postgresql.org> — 2023-11-15T13:00:01Z
The following bug has been logged on the website: Bug reference: 18200 Logged by: Alexander Lakhin Email address: exclusion@gmail.com PostgreSQL version: 16.1 Operating system: Ubuntu 22.04 Description: The following query: SELECT interval '12000000 months' / 0.001; triggers an ubsan-detected error: timestamp.c:3408:18: runtime error: 1.2e+10 is outside the range of representable values of type 'int' Without ubsan the result is: -178956970 years -8 mons -2562047788:00:54.775808 This bogus value returned on REL_15_STABLE .. master, but on e39f99046~1 I get: ERROR: interval out of range without ubsan. Though with the sanitizer I see the same complaint (and it can be seen on previous branches including REL_12_STABLE): timestamp.c:3318:18: runtime error: 1.2e+10 is outside the range of representable values of type 'int'
-
Re: BUG #18200: Undefined behaviour in interval_div
Laurenz Albe <laurenz.albe@cybertec.at> — 2023-11-15T17:23:08Z
On Wed, 2023-11-15 at 13:00 +0000, PG Bug reporting form wrote: > The following query: > SELECT interval '12000000 months' / 0.001; > > triggers an ubsan-detected error: > timestamp.c:3408:18: runtime error: 1.2e+10 is outside the range of > representable values of type 'int' > > Without ubsan the result is: > -178956970 years -8 mons -2562047788:00:54.775808 How about the attached fix? Yours, Laurenz Albe
-
Re: BUG #18200: Undefined behaviour in interval_div
Dean Rasheed <dean.a.rasheed@gmail.com> — 2023-11-15T18:14:41Z
On Wed, 15 Nov 2023 at 17:23, Laurenz Albe <laurenz.albe@cybertec.at> wrote: > > How about the attached fix? > I don't think that's sufficient -- interval_div() should have all the same overflow protections that interval_mul() has, since they're basically doing the same thing. However, I don't think that's sufficient either -- looking at interval_mul(), there is nothing to prevent integer overflow when cascading down, so additional checks are needed there too (in both functions). Regards, Dean
-
Re: BUG #18200: Undefined behaviour in interval_div
Dean Rasheed <dean.a.rasheed@gmail.com> — 2023-11-15T22:41:01Z
On Wed, 15 Nov 2023 at 18:14, Dean Rasheed <dean.a.rasheed@gmail.com> wrote: > > looking at > interval_mul(), there is nothing to prevent integer overflow when > cascading down, so additional checks are needed there too (in both > functions). > Here's a patch doing that. I'm inclined to back-patch this, because this seems like something that's quite easily triggered, and returning bogus results is not good. Regards, Dean
-
Re: BUG #18200: Undefined behaviour in interval_div
Dean Rasheed <dean.a.rasheed@gmail.com> — 2023-11-18T15:16:16Z
On Wed, 15 Nov 2023 at 22:41, Dean Rasheed <dean.a.rasheed@gmail.com> wrote: > > On Wed, 15 Nov 2023 at 18:14, Dean Rasheed <dean.a.rasheed@gmail.com> wrote: > > > > looking at > > interval_mul(), there is nothing to prevent integer overflow when > > cascading down, so additional checks are needed there too (in both > > functions). > > Here's a patch doing that. I'm inclined to back-patch this > Pushed and back-patched. Regards, Dean