Reject out-of-range numeric timezone specifications.

In commit 631dc390, we started to handle simple numeric timezone offsets via the zic library instead of the old CTimeZone/HasCTZSet kluge. However, we overlooked the fact that the zic code will reject UTC offsets exceeding a week (which seems a bit arbitrary, but not because it's too tight ...). This led to possibly setting session_timezone to NULL, which results in crashes in most timezone-related operations as of 9.4, and crashes in a small number of places even before that. So check for NULL return from pg_tzset_offset() and report an appropriate error message. Per bug #11014 from Duncan Gillis. Back-patch to all supported branches, like the previous patch. (Unfortunately, as of today that no longer includes 8.4.)

Reject out-of-range numeric timezone specifications.
6412f3e2 · Tom Lane · 212825f8 · 6412f3e2 · 6412f3e2
Commit 6412f3e2 authored 10 years ago by Tom Lane
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -349,6 +349,13 @@ check_timezone(char **newval, void **extra, GucSource source)
 		}
 	}

+	/* Test for failure in pg_tzset_offset, which we assume is out-of-range */
+	if (!new_tz)
+	{
+		GUC_check_errdetail("UTC timezone offset is out of range.");
+		return false;
+	}
+
 	/*
 	 * Pass back data for assign_timezone to use
 	 */

--- a/src/timezone/pgtz.c
+++ b/src/timezone/pgtz.c
@@ -296,6 +296,9 @@ pg_tzset(const char *name)
 * The GMT offset is specified in seconds, positive values meaning west of
 * Greenwich (ie, POSIX not ISO sign convention).  However, we use ISO
 * sign convention in the displayable abbreviation for the zone.
+ *
+ * Caution: this can fail (return NULL) if the specified offset is outside
+ * the range allowed by the zic library.
 */
 pg_tz *
 pg_tzset_offset(long gmtoffset)