Skip to content
Snippets Groups Projects
Commit 6412f3e2 authored by Tom Lane's avatar Tom Lane
Browse files

Reject out-of-range numeric timezone specifications.

In commit 631dc390, we started to handle
simple numeric timezone offsets via the zic library instead of the old
CTimeZone/HasCTZSet kluge.  However, we overlooked the fact that the zic
code will reject UTC offsets exceeding a week (which seems a bit arbitrary,
but not because it's too tight ...).  This led to possibly setting
session_timezone to NULL, which results in crashes in most timezone-related
operations as of 9.4, and crashes in a small number of places even before
that.  So check for NULL return from pg_tzset_offset() and report an
appropriate error message.  Per bug #11014 from Duncan Gillis.

Back-patch to all supported branches, like the previous patch.
(Unfortunately, as of today that no longer includes 8.4.)
parent 212825f8
No related branches found
No related tags found
No related merge requests found
......@@ -349,6 +349,13 @@ check_timezone(char **newval, void **extra, GucSource source)
}
}
/* Test for failure in pg_tzset_offset, which we assume is out-of-range */
if (!new_tz)
{
GUC_check_errdetail("UTC timezone offset is out of range.");
return false;
}
/*
* Pass back data for assign_timezone to use
*/
......
......@@ -296,6 +296,9 @@ pg_tzset(const char *name)
* The GMT offset is specified in seconds, positive values meaning west of
* Greenwich (ie, POSIX not ISO sign convention). However, we use ISO
* sign convention in the displayable abbreviation for the zone.
*
* Caution: this can fail (return NULL) if the specified offset is outside
* the range allowed by the zic library.
*/
pg_tz *
pg_tzset_offset(long gmtoffset)
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment