Re: Underscore in positional parameters?
Peter Eisentraut <peter@eisentraut.org>
From: Peter Eisentraut <peter@eisentraut.org>
To: Michael Paquier <michael@paquier.xyz>
Cc: Erik Wienhold <ewie@ewie.name>, Tom Lane <tgl@sss.pgh.pa.us>,
Dean Rasheed <dean.a.rasheed@gmail.com>, pgsql-hackers@postgresql.org
Date: 2024-05-16T06:41:11Z
Lists: pgsql-hackers
Attachments
- 0001-WIP-atol-investigation.patch (text/plain) patch 0001
On 16.05.24 01:11, Michael Paquier wrote: > On Wed, May 15, 2024 at 01:59:36PM +0200, Peter Eisentraut wrote: >> On 14.05.24 18:07, Erik Wienhold wrote: >>> Patch 0002 replaces atol with pg_strtoint32_safe in the backend parser >>> and strtoint in ECPG. This fixes overflows like: >> >> Seems like a good idea, but as was said, this is an older issue, so let's >> look at that separately. > > Hmm, yeah. I would be really tempted to fix that now. > > Now, it has been this way for ages, and with my RMT hat on (aka I need > to show the example), I'd suggest to wait for when the v18 branch > opens as there is no urgency. I'm OK to apply it myself at the end, > the patch is a good idea. On this specific patch, maybe reword "parameter too large" to "parameter number too large". Also, I was bemused by the use of atol(), which is notoriously unportable (sizeof(long)). So I poked around and found more places that might need fixing. I'm attaching a patch here with annotations too look at later.
Commits
-
Fix overflow in parsing of positional parameter
- d35cd0619984 18.0 landed
-
Limit max parameter number with MaxAllocSize
- 9c2e660b07fc 18.0 landed
-
Re-forbid underscore in positional parameters
- 315661ecafbc 16.4 landed
- 98b4f53d156e 17.0 landed