1berry/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix overflow in parsing of positional parameter

Browse Source 
Replace atol with pg_strtoint32_safe in the backend parser and with
strtoint in ECPG to reject overflows when parsing the number of a
positional parameter.  With atol from glibc, parameters $2147483648 and
$4294967297 turn into $-2147483648 and $1, respectively.

Author: Erik Wienhold <ewie@ewie.name>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Alexander Lakhin <exclusion@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/5d216d1c-91f6-4cbe-95e2-b4cbd930520c@ewie.name
This commit is contained in:
Peter Eisentraut 2024-07-02 09:16:36 +02:00
parent 4867f8a555
commit d35cd06199
4 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/backend/parser/scan.l
View File

@ -992,8 +992,14 @@ other .
} }
{param} { {param} {
ErrorSaveContext escontext = {T_ErrorSaveContext};
int32 val;
SET_YYLLOC(); SET_YYLLOC();
yylval->ival = atol(yytext + 1); val = pg_strtoint32_safe(yytext + 1, (Node *) &escontext);
if (escontext.error_occurred)
yyerror("parameter number too large");
yylval->ival = val;
return PARAM; return PARAM;
} }
{param_junk} { {param_junk} {

8
src/interfaces/ecpg/preproc/pgc.l
View File

@ -938,7 +938,13 @@ cppline {space}*#([^i][A-Za-z]*|{if}|{ifdef}|{ifndef}|{import})((\/\*[^*/]*\*+
} }
{param} { {param} {
base_yylval.ival = atol(yytext+1); int val;
errno = 0;
val = strtoint(yytext + 1, NULL, 10);
if (errno == ERANGE)
mmfatal(PARSE_ERROR, "parameter number too large");
base_yylval.ival = val;
return PARAM; return PARAM;
} }
{param_junk} { {param_junk} {

4
src/test/regress/expected/numerology.out
View File

@ -206,6 +206,10 @@ PREPARE p1 AS SELECT $1a;
ERROR: trailing junk after parameter at or near "$1a" ERROR: trailing junk after parameter at or near "$1a"
LINE 1: PREPARE p1 AS SELECT $1a; LINE 1: PREPARE p1 AS SELECT $1a;
^ ^
PREPARE p1 AS SELECT $2147483648;
ERROR: parameter number too large at or near "$2147483648"
LINE 1: PREPARE p1 AS SELECT $2147483648;
^
SELECT 0b; SELECT 0b;
ERROR: invalid binary integer at or near "0b" ERROR: invalid binary integer at or near "0b"
LINE 1: SELECT 0b; LINE 1: SELECT 0b;

1
src/test/regress/sql/numerology.sql
View File

@ -52,6 +52,7 @@ SELECT 0.0e1a;
SELECT 0.0e; SELECT 0.0e;
SELECT 0.0e+a; SELECT 0.0e+a;
PREPARE p1 AS SELECT $1a; PREPARE p1 AS SELECT $1a;
PREPARE p1 AS SELECT $2147483648;
SELECT 0b; SELECT 0b;
SELECT 1b; SELECT 1b;