Fix overflow in parsing of positional parameter

Replace atol with pg_strtoint32_safe in the backend parser and with strtoint in ECPG to reject overflows when parsing the number of a positional parameter. With atol from glibc, parameters $2147483648 and $4294967297 turn into $-2147483648 and $1, respectively. Author: Erik Wienhold <ewie@ewie.name> Reviewed-by: Michael Paquier <michael@paquier.xyz> Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Alexander Lakhin <exclusion@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/5d216d1c-91f6-4cbe-95e2-b4cbd930520c@ewie.name
2025-08-28 18:48:04 +03:00 · 2024-07-02 09:16:36 +02:00
parent 4867f8a555
commit d35cd06199
4 changed files with 19 additions and 2 deletions
--- a/src/interfaces/ecpg/preproc/pgc.l
+++ b/src/interfaces/ecpg/preproc/pgc.l
@@ -938,7 +938,13 @@ cppline			{space}*#([^i][A-Za-z]*|{if}|{ifdef}|{ifndef}|{import})((\/\*[^*/]*\*+
 				}

 {param}			{
-					base_yylval.ival = atol(yytext+1);
+					int			val;
+
+					errno = 0;
+					val = strtoint(yytext + 1, NULL, 10);
+					if (errno == ERANGE)
+						mmfatal(PARSE_ERROR, "parameter number too large");
+					base_yylval.ival = val;
 					return PARAM;
 				}
 {param_junk}	{