Re: Minor binary-search int overflow in timezone code

Re: Tom Lane 2014-12-16 <14615(dot)1418694505(at)sss(dot)pgh(dot)pa(dot)us>
> Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> writes:
> > On 12/15/14, 1:39 PM, Christoph Berg wrote:
> >> Well, if it's not interesting, let's just forget it. Sorry.
>
> > At the risk of sticking my head in the lions mouth... this is the kind of response that deters people from contributing anything to the project, including reviewing patches. A simple "thanks, but we feel it's already clear enough that there can't be anywhere close to INT_MAX timezones" would have sufficed.
>
> Yeah, I need to apologize. I was a bit on edge today due to the release
> wrap (which you may have noticed wasn't going too smoothly), and should
> not have responded like that.

Hi,

maybe I should apologize as well for submitting this right at the time
of the release...

> I also remain curious as to what sort of tool would complain about this
> particular code and not the N other nearly-identical binary-search loops
> in the PG sources, most of which deal with data structures potentially
> far larger than the timezone data ...

He said he found it in manual code review, not using a tool.

But anyway, I do agree this is a very minor issue and there's much
more interesting things to spend time on. I promise to send in more
severe security issues next time :)

Christoph
--
cb(at)df7cb(dot)de | http://www.df7cb.de/