Add safeguards in LSN, numeric and float calculation for custom errors

Those data types use parsing and/or calculation wrapper routines which
can generate some generic error messages in the event of a failure.  The
caller of these routines can also pass a pointer variable settable by
the routine to track if an error has happened, letting the caller decide
what to do in the event of an error and what error message to generate.

Those routines have been slacking the initialization of the tracking
flag, which can be confusing when reading the code, so add some
safeguards against calls of these parsing routines which could lead to a
dubious result.

The LSN parsing gains an assertion to make sure that the tracking flag
is set, while numeric and float paths initialize the flag to a saner
state.

Author: Jeevan Ladhe
Reviewed-by: Álvaro Herrera, Michael Paquier
Discussion: https://postgr.es/m/CAOgcT0NOM9oR0Hag_3VpyW0uF3iCU=BDUFSPfk9JrWXRcWQHqw@mail.gmail.com

diff --git a/src/backend/utils/adt/float.c b/src/backend/utils/adt/float.c
index 7540ca22efe78f5b07b3a7ad2c662027be2bbec9..77a5d7d42f82c4a0f68fd0f962beb645d9917e46 100644 (file)
--- a/src/backend/utils/adt/float.c
+++ b/src/backend/utils/adt/float.c
@@ -337,7 +337,7 @@ float8in(PG_FUNCTION_ARGS)
 }
 
 /* Convenience macro: set *have_error flag (if provided) or throw error */
-#define RETURN_ERROR(throw_error) \
+#define RETURN_ERROR(throw_error, have_error) \
 do { \
    if (have_error) { \
        *have_error = true; \
@@ -376,6 +376,9 @@ float8in_internal_opt_error(char *num, char **endptr_p,
    double      val;
    char       *endptr;
 
+   if (have_error)
+       *have_error = false;
+
    /* skip leading whitespace */
    while (*num != '\0' && isspace((unsigned char) *num))
        num++;
@@ -388,7 +391,8 @@ float8in_internal_opt_error(char *num, char **endptr_p,
        RETURN_ERROR(ereport(ERROR,
                             (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                              errmsg("invalid input syntax for type %s: \"%s\"",
-                                    type_name, orig_string))));
+                                    type_name, orig_string))),
+                    have_error);
 
    errno = 0;
    val = strtod(num, &endptr);
@@ -463,9 +467,9 @@ float8in_internal_opt_error(char *num, char **endptr_p,
                errnumber[endptr - num] = '\0';
                RETURN_ERROR(ereport(ERROR,
                                     (errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
-                                     errmsg("\"%s\" is out of range for "
-                                            "type double precision",
-                                            errnumber))));
+                                     errmsg("\"%s\" is out of range for type double precision",
+                                            errnumber))),
+                            have_error);
            }
        }
        else
@@ -473,7 +477,8 @@ float8in_internal_opt_error(char *num, char **endptr_p,
                                 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                                  errmsg("invalid input syntax for type "
                                         "%s: \"%s\"",
-                                        type_name, orig_string))));
+                                        type_name, orig_string))),
+                        have_error);
    }
 #ifdef HAVE_BUGGY_SOLARIS_STRTOD
    else
@@ -500,7 +505,8 @@ float8in_internal_opt_error(char *num, char **endptr_p,
                             (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                              errmsg("invalid input syntax for type "
                                     "%s: \"%s\"",
-                                    type_name, orig_string))));
+                                    type_name, orig_string))),
+                    have_error);
 
    return val;
 }

diff --git a/src/backend/utils/adt/numeric.c b/src/backend/utils/adt/numeric.c
index 201784bbf666e92e32d330c2750e28866bcfe9f2..a00db3ce7a82105826d41b194acfd0b16cc573c0 100644 (file)
--- a/src/backend/utils/adt/numeric.c
+++ b/src/backend/utils/adt/numeric.c
@@ -2605,6 +2605,9 @@ numeric_div_opt_error(Numeric num1, Numeric num2, bool *have_error)
    Numeric     res;
    int         rscale;
 
+   if (have_error)
+       *have_error = false;
+
    /*
     * Handle NaN
     */
@@ -2721,6 +2724,9 @@ numeric_mod_opt_error(Numeric num1, Numeric num2, bool *have_error)
    NumericVar  arg2;
    NumericVar  result;
 
+   if (have_error)
+       *have_error = false;
+
    if (NUMERIC_IS_NAN(num1) || NUMERIC_IS_NAN(num2))
        return make_result(&const_nan);
 
@@ -3207,6 +3213,9 @@ numeric_int4_opt_error(Numeric num, bool *have_error)
    NumericVar  x;
    int32       result;
 
+   if (have_error)
+       *have_error = false;
+
    /* XXX would it be better to return NULL? */
    if (NUMERIC_IS_NAN(num))
    {
@@ -6249,6 +6258,9 @@ make_result_opt_error(const NumericVar *var, bool *have_error)
    int         n;
    Size        len;
 
+   if (have_error)
+       *have_error = false;
+
    if (sign == NUMERIC_NAN)
    {
        result = (Numeric) palloc(NUMERIC_HDRSZ_SHORT);

diff --git a/src/backend/utils/adt/pg_lsn.c b/src/backend/utils/adt/pg_lsn.c
index b4c6c2309cf46dee4b1a1a03c90e5ce99d1ddc3b..728892e709831d42caf7c61a87ff2b4393fbed23 100644 (file)
--- a/src/backend/utils/adt/pg_lsn.c
+++ b/src/backend/utils/adt/pg_lsn.c
@@ -34,6 +34,9 @@ pg_lsn_in_internal(const char *str, bool *have_error)
                off;
    XLogRecPtr  result;
 
+   Assert(have_error != NULL);
+   *have_error = false;
+
    /* Sanity check input format. */
    len1 = strspn(str, "0123456789abcdefABCDEF");
    if (len1 < 1 || len1 > MAXPG_LSNCOMPONENT || str[len1] != '/')