Re: BUG #17839: Heap-buffer overflow on float8_to_char with invalid template

From: Thiago Nunes <thiagotnunes(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #17839: Heap-buffer overflow on float8_to_char with invalid template
Date: 2023-03-15 02:02:37
Message-ID: CANf6e1+LSX4EMER08f2rSQ+MSMUzAtVfKXFpiBRAdRmk2L-uQQ@mail.gmail.com
Lists: pgsql-bugs

Got it, I thought that since we were filling the string with #s there, we
should reposition the zero_end.

I will wait for your patch then, thanks for looking into it!

Cheers,

On Wed, Mar 15, 2023 at 12:45 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Thiago Nunes <thiagotnunes(at)gmail(dot)com> writes:
> > I think your solution deals with all the cases, but I would like to point
> > out how I fixed it locally. I recalculated Num.zero_end after this line (
> >
> https://github.com/postgres/postgres/blob/REL_15_2/src/backend/utils/adt/formatting.c#L6716
> > ):
>
> > ```
> > Num.zero_end = Num.pre + Num.post;
> > ```
>
> Hmm ... that seems a bit ad-hoc, because as far as I understand this
> code, zero_end is supposed to track where the last '0' format
> character is. That shouldn't change just because we decided that the
> data value overflowed.
>
> regards, tom lane
>

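The exchange above turns on two separate things: the output buffer must not be overrun when a value does not fit its template (the '#' fill), and an index derived from the template, such as zero_end, describes the template rather than the data and so has no reason to move on the overflow path. The following toy formatter is an added illustration for this thread; it is not PostgreSQL's formatting.c and not code from either poster. The names (NumDesc, parse_template, format_number), the template rules ('9' digit or blank, '0' forced zero, one optional '.') and the restriction to non-negative values are assumptions made for the example. It refuses to write when the caller's buffer is smaller than the template width, fills every digit position with '#' on overflow, and leaves zero_start/zero_end exactly as parsed on that path.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical template descriptor (assumption: not PostgreSQL's NUMDesc). */
typedef struct {
    int pre;        /* digit positions before the decimal point */
    int post;       /* digit positions after the decimal point */
    int zero_start; /* index of the first '0' position, -1 if none */
    int zero_end;   /* index of the last '0' position, -1 if none */
} NumDesc;

/* Parse a template made of '9', '0' and at most one '.'.
 * Returns 0 on success, -1 on an invalid template. */
int parse_template(const char *tmpl, NumDesc *num)
{
    int after_point = 0, idx = 0;
    num->pre = num->post = 0;
    num->zero_start = num->zero_end = -1;
    for (const char *p = tmpl; *p; p++) {
        if (*p == '.') {
            if (after_point) return -1;          /* second '.': invalid */
            after_point = 1;
            continue;
        }
        if (*p != '0' && *p != '9') return -1;   /* unknown character: invalid */
        if (*p == '0') {
            if (num->zero_start < 0) num->zero_start = idx;
            num->zero_end = idx;                 /* tracks the last '0' only */
        }
        if (after_point) num->post++; else num->pre++;
        idx++;
    }
    return (num->pre + num->post > 0) ? 0 : -1;
}

/* Format a non-negative value into out (capacity outsz).
 * Returns 0 on success, 1 when the value does not fit (all digit positions
 * become '#'), -1 on a bad template, a negative value, or a buffer too small
 * for the template's width. The parsed descriptor is copied to *desc so the
 * caller can observe that zero_start/zero_end are untouched by overflow. */
int format_number(const char *tmpl, double value, char *out, size_t outsz, NumDesc *desc)
{
    NumDesc num;
    if (parse_template(tmpl, &num) != 0 || value < 0) return -1;

    size_t width = (size_t)num.pre + (size_t)num.post + (num.post > 0 ? 1 : 0);
    if (width + 1 > outsz) return -1;            /* refuse instead of overrunning */
    if (desc) *desc = num;

    /* Scale to an integer carrying num.post fractional digits, rounded. */
    double scaled = value;
    for (int i = 0; i < num.post; i++) scaled *= 10.0;
    scaled += 0.5;

    /* Render digits right-to-left; anything beyond 64 bits is an overflow. */
    char digits[24];
    int nd = 0;
    int overflow = scaled >= 1e18;
    if (!overflow) {
        unsigned long long n = (unsigned long long)scaled;
        do { digits[nd++] = (char)('0' + n % 10); n /= 10; } while (n > 0);
        if (nd - num.post > num.pre) overflow = 1;   /* too many integer digits */
    }

    size_t o = 0;
    int idx = 0;                                 /* digit-position index as in parse_template */
    for (int i = 0; i < num.pre; i++, idx++) {
        int from_right = (num.pre - 1 - i) + num.post;
        if (overflow) out[o++] = '#';
        else if (from_right < nd) out[o++] = digits[from_right];
        else out[o++] = (num.zero_start >= 0 && idx >= num.zero_start) ? '0' : ' ';
    }
    if (num.post > 0) {
        out[o++] = '.';
        /* Last fractional position holding a non-zero digit (for '9' trailing-zero blanking). */
        int sig_end = -1;
        for (int i = 0; i < num.post; i++) {
            int fr = num.post - 1 - i;
            if (fr < nd && digits[fr] != '0') sig_end = num.pre + i;
        }
        for (int i = 0; i < num.post; i++, idx++) {
            int fr = num.post - 1 - i;
            char d = (fr < nd) ? digits[fr] : '0';
            if (overflow) out[o++] = '#';
            else if (d == '0' && idx > num.zero_end && idx > sig_end) out[o++] = ' ';
            else out[o++] = d;
        }
    }
    out[o] = '\0';
    return overflow ? 1 : 0;
}

int main(void)
{
    char buf[16];
    NumDesc d;
    int rc = format_number("09.0", 999.0, buf, sizeof buf, &d);  /* constructed input */
    printf("rc=%d out=\"%s\" zero_end=%d\n", rc, buf, d.zero_end);
    return 0;
}
```

The overflow path writes only '#' characters into positions that were bounds-checked up front, and the descriptor handed back still says zero_end is position 2 for "09.0" whether or not the value fit, which is the property the reply above insists on.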