Fix overflow in parsing of positional parameter

Replace atol with pg_strtoint32_safe in the backend parser and with strtoint in ECPG to reject overflows when parsing the number of a positional parameter. With atol from glibc, parameters $2147483648 and $4294967297 turn into $-2147483648 and $1, respectively. Author: Erik Wienhold <ewie@ewie.name> Reviewed-by: Michael Paquier <michael@paquier.xyz> Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Alexander Lakhin <exclusion@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/5d216d1c-91f6-4cbe-95e2-b4cbd930520c@ewie.name
author: Peter Eisentraut 2024-07-02 07:16:36 +0000
committer: Peter Eisentraut 2024-07-02 07:29:26 +0000
commit: d35cd061998434747c0d1c0f6f2aa1f736f0edb4 (patch)
tree: 36ed3648c04c61639f7ee19a00a6698042093c13 /src/backend/parser
parent: 4867f8a555cea1bc6de1726b0030896aa4cd3c70 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/src/backend/parser/scan.l b/src/backend/parser/scan.l
index 3248fb51080..f74059e7b0b 100644
--- a/src/backend/parser/scan.l
+++ b/src/backend/parser/scan.l
@@ -992,8 +992,14 @@ other			.
 				}
 
 {param}			{
+					ErrorSaveContext escontext = {T_ErrorSaveContext};
+					int32		val;
+
 					SET_YYLLOC();
-					yylval->ival = atol(yytext + 1);
+					val = pg_strtoint32_safe(yytext + 1, (Node *) &escontext);
+					if (escontext.error_occurred)
+						yyerror("parameter number too large");
+					yylval->ival = val;
 					return PARAM;
 				}
 {param_junk}	{
author	Peter Eisentraut	2024-07-02 07:16:36 +0000
committer	Peter Eisentraut	2024-07-02 07:29:26 +0000
commit	d35cd061998434747c0d1c0f6f2aa1f736f0edb4 (patch)
tree	36ed3648c04c61639f7ee19a00a6698042093c13 /src/backend/parser
parent	4867f8a555cea1bc6de1726b0030896aa4cd3c70 (diff)