Re: Underscore in positional parameters?

Peter Eisentraut <peter@eisentraut.org>

From: Peter Eisentraut <peter@eisentraut.org>
To: Michael Paquier <michael@paquier.xyz>
Cc: Erik Wienhold <ewie@ewie.name>, Tom Lane <tgl@sss.pgh.pa.us>, Dean Rasheed <dean.a.rasheed@gmail.com>, pgsql-hackers@postgresql.org
Date: 2024-05-16T06:41:11Z
Lists: pgsql-hackers

Attachments

On 16.05.24 01:11, Michael Paquier wrote:
> On Wed, May 15, 2024 at 01:59:36PM +0200, Peter Eisentraut wrote:
>> On 14.05.24 18:07, Erik Wienhold wrote:
>>> Patch 0002 replaces atol with pg_strtoint32_safe in the backend parser
>>> and strtoint in ECPG.  This fixes overflows like:
>>
>> Seems like a good idea, but as was said, this is an older issue, so let's
>> look at that separately.
> 
> Hmm, yeah.  I would be really tempted to fix that now.
> 
> Now, it has been this way for ages, and with my RMT hat on (aka I need
> to show the example), I'd suggest to wait for when the v18 branch
> opens as there is no urgency.  I'm OK to apply it myself at the end,
> the patch is a good idea.

On this specific patch, maybe reword "parameter too large" to "parameter 
number too large".

Also, I was bemused by the use of atol(), which is notoriously 
unportable (sizeof(long)).  So I poked around and found more places that 
might need fixing.  I'm attaching a patch here with annotations too look 
at later.

Commits

  1. Fix overflow in parsing of positional parameter

  2. Limit max parameter number with MaxAllocSize

  3. Re-forbid underscore in positional parameters