sharpetronics/PostgreSQL
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-13 01:13:08 -04:00
Code Issues Projects Releases Wiki Activity

Fix contrib/seg to be more wary of long input numbers.

Browse Source 
seg stores the number of significant digits in an input number
in a "char" field.  If char is signed, and the input is more than
127 digits long, the count can read out as negative causing
seg_out() to print garbage (or, if you're really unlucky,
even crash).

To fix, clamp the digit count to be not more than FLT_DIG.
(In theory this loses some information about what the original
input was, but it doesn't seem like useful information; it would
not survive dump/restore in any case.)

Also, in case there are stored values of the seg type containing
bad data, add a clamp in seg_out's restore() subroutine.

Per bug #17725 from Robins Tharakan.  It's been like this
forever, so back-patch to all supported branches.

Discussion: https://postgr.es/m/17725-0a09313b67fbe86e@postgresql.org
This commit is contained in:
Tom Lane 2022-12-21 17:51:50 -05:00
parent f48aa5df4e
commit 0ff4056b8c
5 changed files with 40 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
contrib/seg/expected/seg.out
View File

@ -256,6 +256,13 @@ SELECT '12.34567890123456'::seg AS seg;
12.3457 12.3457
(1 row) (1 row)
-- Same, with a very long input
SELECT '12.3456789012345600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'::seg AS seg;
seg
---------
12.3457
(1 row)
-- Numbers with certainty indicators -- Numbers with certainty indicators
SELECT '~6.5'::seg AS seg; SELECT '~6.5'::seg AS seg;
seg seg

7
contrib/seg/expected/seg_1.out
View File

@ -256,6 +256,13 @@ SELECT '12.34567890123456'::seg AS seg;
12.3457 12.3457
(1 row) (1 row)
-- Same, with a very long input
SELECT '12.3456789012345600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'::seg AS seg;
seg
---------
12.3457
(1 row)
-- Numbers with certainty indicators -- Numbers with certainty indicators
SELECT '~6.5'::seg AS seg; SELECT '~6.5'::seg AS seg;
seg seg

6
contrib/seg/seg.c
View File

@ -923,8 +923,12 @@ restore(char *result, float val, int n)
/* /*
* Put a cap on the number of significant digits to avoid garbage in the * Put a cap on the number of significant digits to avoid garbage in the
* output and ensure we don't overrun the result buffer. * output and ensure we don't overrun the result buffer. (n should not be
* negative, but check to protect ourselves against corrupted data.)
*/ */
if (n <= 0)
n = FLT_DIG;
else
n = Min(n, FLT_DIG); n = Min(n, FLT_DIG);
/* remember the sign */ /* remember the sign */

22
contrib/seg/segparse.y
View File

@ -3,6 +3,7 @@
#include "postgres.h" #include "postgres.h"
#include <float.h>
#include <math.h> #include <math.h>
#include "fmgr.h" #include "fmgr.h"
@ -23,6 +24,8 @@
static float seg_atof(const char *value); static float seg_atof(const char *value);
static int sig_digits(const char *value);
static char strbuf[25] = { static char strbuf[25] = {
'0', '0', '0', '0', '0', '0', '0', '0', '0', '0',
'0', '0', '0', '0', '0', '0', '0', '0', '0', '0',
@ -63,9 +66,9 @@ range: boundary PLUMIN deviation
result->lower = $1.val - $3.val; result->lower = $1.val - $3.val;
result->upper = $1.val + $3.val; result->upper = $1.val + $3.val;
sprintf(strbuf, "%g", result->lower); sprintf(strbuf, "%g", result->lower);
result->l_sigd = Max(Min(6, significant_digits(strbuf)), Max($1.sigd, $3.sigd)); result->l_sigd = Max(sig_digits(strbuf), Max($1.sigd, $3.sigd));
sprintf(strbuf, "%g", result->upper); sprintf(strbuf, "%g", result->upper);
result->u_sigd = Max(Min(6, significant_digits(strbuf)), Max($1.sigd, $3.sigd)); result->u_sigd = Max(sig_digits(strbuf), Max($1.sigd, $3.sigd));
result->l_ext = '\0'; result->l_ext = '\0';
result->u_ext = '\0'; result->u_ext = '\0';
} }
@ -122,7 +125,7 @@ boundary: SEGFLOAT
float val = seg_atof($1); float val = seg_atof($1);
$$.ext = '\0'; $$.ext = '\0';
$$.sigd = significant_digits($1); $$.sigd = sig_digits($1);
$$.val = val; $$.val = val;
} }
| EXTENSION SEGFLOAT | EXTENSION SEGFLOAT
@ -131,7 +134,7 @@ boundary: SEGFLOAT
float val = seg_atof($2); float val = seg_atof($2);
$$.ext = $1[0]; $$.ext = $1[0];
$$.sigd = significant_digits($2); $$.sigd = sig_digits($2);
$$.val = val; $$.val = val;
} }
; ;
@ -142,7 +145,7 @@ deviation: SEGFLOAT
float val = seg_atof($1); float val = seg_atof($1);
$$.ext = '\0'; $$.ext = '\0';
$$.sigd = significant_digits($1); $$.sigd = sig_digits($1);
$$.val = val; $$.val = val;
} }
; ;
@ -159,5 +162,14 @@ seg_atof(const char *value)
return DatumGetFloat4(datum); return DatumGetFloat4(datum);
} }
static int
sig_digits(const char *value)
{
int n = significant_digits(value);
/* Clamp, to ensure value will fit in sigd fields */
return Min(n, FLT_DIG);
}
#include "segscan.c" #include "segscan.c"

3
contrib/seg/sql/seg.sql
View File

@ -60,6 +60,9 @@ SELECT '3.400e5'::seg AS seg;
-- Digits truncated -- Digits truncated
SELECT '12.34567890123456'::seg AS seg; SELECT '12.34567890123456'::seg AS seg;
-- Same, with a very long input
SELECT '12.3456789012345600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'::seg AS seg;
-- Numbers with certainty indicators -- Numbers with certainty indicators
SELECT '~6.5'::seg AS seg; SELECT '~6.5'::seg AS seg;
SELECT '<6.5'::seg AS seg; SELECT '<6.5'::seg AS seg;