Re: BUG #17839: Heap-buffer overflow on float8_to_char with invalid template

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Thiago Nunes <thiagotnunes(at)gmail(dot)com>
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #17839: Heap-buffer overflow on float8_to_char with invalid template
Date: 2023-03-15 01:45:46
Message-ID: 3076956.1678844746@sss.pgh.pa.us
Lists: pgsql-bugs

Thiago Nunes <thiagotnunes(at)gmail(dot)com> writes:
> I think your solution deals with all the cases, but I would like to point
> out how I fixed it locally. I recalculated Num.zero_end after this line (
> https://github.com/postgres/postgres/blob/REL_15_2/src/backend/utils/adt/formatting.c#L6716
> ):

> ```
> Num.zero_end = Num.pre + Num.post;
> ```

Hmm ... that seems a bit ad-hoc, because as far as I understand this
code, zero_end is supposed to track where is the last '0' format
character. That shouldn't change just because we decided that the
data value overflowed.

regards, tom lane
