From 814acfcc3a5e891216de1a70f912b83268978734 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Thu, 1 Dec 2005 17:56:34 +0000
Subject: [PATCH] Check for overflow in strtol() while parsing datetime inputs.
Michael Fuhr.
---
src/backend/utils/adt/datetime.c | 34 +++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/src/backend/utils/adt/datetime.c b/src/backend/utils/adt/datetime.c
index 5fc8b2be3b9..e891804ece9 100644
--- a/src/backend/utils/adt/datetime.c
+++ b/src/backend/utils/adt/datetime.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/datetime.c,v 1.161 2005/11/22 18:17:22 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/datetime.c,v 1.162 2005/12/01 17:56:34 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -1013,7 +1013,10 @@ DecodeDateTime(char **field, int *ftype, int nf,
if (tzp == NULL)
return DTERR_BAD_FORMAT;
+ errno = 0;
val = strtol(field[i], &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_FIELD_OVERFLOW;
j2date(val, &tm->tm_year, &tm->tm_mon, &tm->tm_mday);
/* Get the time zone from the end of the string */
@@ -1158,7 +1161,10 @@ DecodeDateTime(char **field, int *ftype, int nf,
char *cp;
int val;
+ errno = 0;
val = strtol(field[i], &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_FIELD_OVERFLOW;
/*
* only a few kinds are allowed to have an embedded
@@ -1915,7 +1921,10 @@ DecodeTimeOnly(char **field, int *ftype, int nf,
break;
}
+ errno = 0;
val = strtol(field[i], &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_FIELD_OVERFLOW;
/*
* only a few kinds are allowed to have an embedded
@@ -2456,11 +2465,17 @@ DecodeTime(char *str, int fmask, int *tmask, struct pg_tm * tm, fsec_t *fsec)
*tmask = DTK_TIME_M;
+ errno = 0;
tm->tm_hour = strtol(str, &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_FIELD_OVERFLOW;
if (*cp != ':')
return DTERR_BAD_FORMAT;
str = cp + 1;
+ errno = 0;
tm->tm_min = strtol(str, &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_FIELD_OVERFLOW;
if (*cp == '\0')
{
tm->tm_sec = 0;
@@ -2471,7 +2486,10 @@ DecodeTime(char *str, int fmask, int *tmask, struct pg_tm * tm, fsec_t *fsec)
else
{
str = cp + 1;
+ errno = 0;
tm->tm_sec = strtol(str, &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_FIELD_OVERFLOW;
if (*cp == '\0')
*fsec = 0;
else if (*cp == '.')
@@ -2522,7 +2540,10 @@ DecodeNumber(int flen, char *str, bool haveTextMonth, int fmask,
*tmask = 0;
+ errno = 0;
val = strtol(str, &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_FIELD_OVERFLOW;
if (cp == str)
return DTERR_BAD_FORMAT;
@@ -2809,11 +2830,19 @@ DecodeTimezone(char *str, int *tzp)
if (*str != '+' && *str != '-')
return DTERR_BAD_FORMAT;
+ errno = 0;
hr = strtol(str + 1, &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_TZDISP_OVERFLOW;
/* explicit delimiter? */
if (*cp == ':')
+ {
+ errno = 0;
min = strtol(cp + 1, &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_TZDISP_OVERFLOW;
+ }
/* otherwise, might have run things together... */
else if (*cp == '\0' && strlen(str) > 3)
{
@@ -3056,7 +3085,10 @@ DecodeInterval(char **field, int *ftype, int nf, int *dtype, struct pg_tm * tm,
case DTK_DATE:
case DTK_NUMBER:
+ errno = 0;
val = strtol(field[i], &cp, 10);
+ if (errno == ERANGE)
+ return DTERR_FIELD_OVERFLOW;
if (type == IGNORE_DTF)
type = DTK_SECOND;
--
GitLab