Add guard code to protect from buffer overruns on long date/time input

 strings. Should go back in and look at doing this a bit more elegantly
 and (hopefully) cheaper. Probably not too bad anyway, but it seems a
 shame to scan the strings twice: once for length for this buffer overrun
 protection, and once to parse the line.
Remove use of pow() in date/time handling; was already gone from everything
 *but* the time data types.
Define macros for handling typmod manipulation for date/time types.
 Should be more robust than all of that brute-force inline code.
Rename macros for masking and typmod manipulation to put TIMESTAMP_
 or INTERVAL_ in front of the macro name, to reduce the possibility
 of name space collisions.

src/backend/utils/adt/date.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/date.c,v 1.69 2002/06/20 20:29:36 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/date.c,v 1.70 2002/08/04 06:44:47 thomas Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -57,6 +57,9 @@ date_in(PG_FUNCTION_ARGS)
 	int			ftype[MAXDATEFIELDS];
 	char		lowstr[MAXDATELEN + 1];
 
+	if (strlen(str) >= sizeof(lowstr))
+		elog(ERROR, "Bad date external representation (too long) '%s'", str);
+
 	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
 	 || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tzp) != 0))
 		elog(ERROR, "Bad date external representation '%s'", str);
@@ -518,6 +521,9 @@ time_in(PG_FUNCTION_ARGS)
 	int			dtype;
 	int			ftype[MAXDATEFIELDS];
 
+	if (strlen(str) >= sizeof(lowstr))
+		elog(ERROR, "Bad time external representation (too long) '%s'", str);
+
 	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
 	 || (DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, NULL) != 0))
 		elog(ERROR, "Bad time external representation '%s'", str);
@@ -606,37 +612,85 @@ time_scale(PG_FUNCTION_ARGS)
 	PG_RETURN_TIMEADT(result);
 }
 
+/* AdjustTimeForTypmod()
+ * Force the precision of the time value to a specified value.
+ * Uses *exactly* the same code as in AdjustTimestampForTypemod()
+ * but we make a separate copy because those types do not
+ * have a fundamental tie together but rather a coincidence of
+ * implementation. - thomas
+ */
 static void
 AdjustTimeForTypmod(TimeADT *time, int32 typmod)
 {
-	if ((typmod >= 0) && (typmod <= MAX_TIME_PRECISION))
-	{
 #ifdef HAVE_INT64_TIMESTAMP
-		static int64 TimeScale = INT64CONST(1000000);
+	static const int64 TimeScales[MAX_TIMESTAMP_PRECISION+1] = {
+		INT64CONST(1000000),
+		INT64CONST(100000),
+		INT64CONST(10000),
+		INT64CONST(1000),
+		INT64CONST(100),
+		INT64CONST(10),
+		INT64CONST(1)
+	};
+
+	static const int64 TimeOffsets[MAX_TIMESTAMP_PRECISION+1] = {
+		INT64CONST(-500000),
+		INT64CONST(-50000),
+		INT64CONST(-5000),
+		INT64CONST(-500),
+		INT64CONST(-50),
+		INT64CONST(-5),
+		INT64CONST(0)
+	};
 #else
-		static double TimeScale = 1;
+	static const double TimeScales[MAX_TIMESTAMP_PRECISION+1] = {
+		1,
+		10,
+		100,
+		1000,
+		10000,
+		100000,
+		1000000
+	};
+
+	static const double TimeOffsets[MAX_TIMESTAMP_PRECISION+1] = {
+		0.5,
+		0.05,
+		0.005,
+		0.0005,
+		0.00005,
+		0.000005,
+		0.0000005
+	};
 #endif
-		static int32 TimeTypmod = 0;
 
-		if (typmod != TimeTypmod)
-		{
+	if ((typmod >= 0) && (typmod <= MAX_TIME_PRECISION))
+	{
 #ifdef HAVE_INT64_TIMESTAMP
-			TimeScale = pow(10.0, (MAX_TIME_PRECISION-typmod));
-#else
-			TimeScale = pow(10.0, typmod);
-#endif
-			TimeTypmod = typmod;
+		/* we have different truncation behavior depending on sign */
+		if (*time >= INT64CONST(0))
+		{
+			*time = ((*time / TimeScales[typmod])
+					 * TimeScales[typmod]);
+		}
+		else
+		{
+			*time = (((*time + TimeOffsets[typmod]) / TimeScales[typmod])
+					 * TimeScales[typmod]);
 		}
-
-#ifdef HAVE_INT64_TIMESTAMP
-		*time = ((*time / TimeScale) * TimeScale);
-		if (*time >= INT64CONST(86400000000))
-			*time -= INT64CONST(86400000000);
 #else
-		*time = (rint(((double) *time) * TimeScale) / TimeScale);
-
-		if (*time >= 86400)
-			*time -= 86400;
+		/* we have different truncation behavior depending on sign */
+		if (*time >= 0)
+		{
+			*time = (rint(((double) *time) * TimeScales[typmod])
+					 / TimeScales[typmod]);
+		}
+		else
+		{
+			/* Scale and truncate first, then add to help the rounding behavior */
+			*time = (rint((((double) *time) * TimeScales[typmod]) + TimeOffsets[typmod])
+					 / TimeScales[typmod]);
+		}
 #endif
 	}
 
@@ -1269,6 +1323,10 @@ timetz_in(PG_FUNCTION_ARGS)
 	int			dtype;
 	int			ftype[MAXDATEFIELDS];
 
+	if (strlen(str) >= sizeof(lowstr))
+		elog(ERROR, "Bad time with time zone"
+			 " external representation (too long) '%s'", str);
+
 	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
 	  || (DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
 		elog(ERROR, "Bad time external representation '%s'", str);

src/backend/utils/adt/format_type.c

@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/format_type.c,v 1.30 2002/06/20 20:29:37 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/format_type.c,v 1.31 2002/08/04 06:44:47 thomas Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -29,9 +29,6 @@
 #include "mb/pg_wchar.h"
 #endif
 
-
-#define MASK(b) (1 << (b))
-
 #define MAX_INT32_LEN 11
 #define _textin(str) DirectFunctionCall1(textin, CStringGetDatum(str))
 
@@ -258,52 +255,63 @@ format_type_internal(Oid type_oid, int32 typemod,
 		case INTERVALOID:
 			if (with_typemod)
 			{
-				int			fields = typemod >> 16;
-				int			precision = typemod & 0xFFFF;
+				int			fields = INTERVAL_RANGE(typemod);
+				int			precision = INTERVAL_PRECISION(typemod);
 				const char *fieldstr;
 
 				switch (fields)
 				{
-					case MASK(YEAR):
+					case INTERVAL_MASK(YEAR):
 						fieldstr = " year";
 						break;
-					case MASK(MONTH):
+					case INTERVAL_MASK(MONTH):
 						fieldstr = " month";
 						break;
-					case MASK(DAY):
+					case INTERVAL_MASK(DAY):
 						fieldstr = " day";
 						break;
-					case MASK(HOUR):
+					case INTERVAL_MASK(HOUR):
 						fieldstr = " hour";
 						break;
-					case MASK(MINUTE):
+					case INTERVAL_MASK(MINUTE):
 						fieldstr = " minute";
 						break;
-					case MASK(SECOND):
+					case INTERVAL_MASK(SECOND):
 						fieldstr = " second";
 						break;
-					case MASK(YEAR) | MASK(MONTH):
+					case INTERVAL_MASK(YEAR)
+					  | INTERVAL_MASK(MONTH):
 						fieldstr = " year to month";
 						break;
-					case MASK(DAY) | MASK(HOUR):
+					case INTERVAL_MASK(DAY)
+					  | INTERVAL_MASK(HOUR):
 						fieldstr = " day to hour";
 						break;
-					case MASK(DAY) | MASK(HOUR) | MASK(MINUTE):
+					case INTERVAL_MASK(DAY)
+					  | INTERVAL_MASK(HOUR)
+					  | INTERVAL_MASK(MINUTE):
 						fieldstr = " day to minute";
 						break;
-					case MASK(DAY) | MASK(HOUR) | MASK(MINUTE) | MASK(SECOND):
+					case INTERVAL_MASK(DAY)
+					  | INTERVAL_MASK(HOUR)
+					  | INTERVAL_MASK(MINUTE)
+					  | INTERVAL_MASK(SECOND):
 						fieldstr = " day to second";
 						break;
-					case MASK(HOUR) | MASK(MINUTE):
+					case INTERVAL_MASK(HOUR)
+					  | INTERVAL_MASK(MINUTE):
 						fieldstr = " hour to minute";
 						break;
-					case MASK(HOUR) | MASK(MINUTE) | MASK(SECOND):
+					case INTERVAL_MASK(HOUR)
+					  | INTERVAL_MASK(MINUTE)
+					  | INTERVAL_MASK(SECOND):
 						fieldstr = " hour to second";
 						break;
-					case MASK(MINUTE) | MASK(SECOND):
+					case INTERVAL_MASK(MINUTE)
+					  | INTERVAL_MASK(SECOND):
 						fieldstr = " minute to second";
 						break;
-					case 0x7FFF:
+					case INTERVAL_FULL_RANGE:
 						fieldstr = "";
 						break;
 					default:
@@ -311,7 +319,7 @@ format_type_internal(Oid type_oid, int32 typemod,
 						fieldstr = "";
 						break;
 				}
-				if (precision != 0xFFFF)
+				if (precision != INTERVAL_FULL_PRECISION)
 					buf = psnprintf(100, "interval(%d)%s",
 									precision, fieldstr);
 				else

src/backend/utils/adt/nabstime.c

@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/nabstime.c,v 1.95 2002/06/20 20:29:37 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/nabstime.c,v 1.96 2002/08/04 06:44:47 thomas Exp $
  *
  * NOTES
  *
@@ -486,8 +486,8 @@ nabstimein(PG_FUNCTION_ARGS)
 	int			nf,
 				ftype[MAXDATEFIELDS];
 
-	if (strlen(str) > MAXDATELEN)
-		elog(ERROR, "Bad (length) abstime external representation '%s'", str);
+	if (strlen(str) >= sizeof(lowstr))
+		elog(ERROR, "Bad abstime external representation (too long) '%s'", str);
 
 	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
 	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
@@ -849,8 +849,8 @@ reltimein(PG_FUNCTION_ARGS)
 				ftype[MAXDATEFIELDS];
 	char		lowstr[MAXDATELEN + 1];
 
-	if (strlen(str) > MAXDATELEN)
-		elog(ERROR, "Bad (length) reltime external representation '%s'", str);
+	if (strlen(str) >= sizeof(lowstr))
+		elog(ERROR, "Bad reltime external representation (too long) '%s'", str);
 
 	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
 		|| (DecodeInterval(field, ftype, nf, &dtype, tm, &fsec) != 0))

src/backend/utils/adt/timestamp.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/timestamp.c,v 1.68 2002/06/20 20:29:38 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/timestamp.c,v 1.69 2002/08/04 06:44:47 thomas Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -65,7 +65,10 @@ timestamp_in(PG_FUNCTION_ARGS)
 	int			nf;
 	char	   *field[MAXDATEFIELDS];
 	int			ftype[MAXDATEFIELDS];
-	char		lowstr[MAXDATELEN + 1];
+	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
+
+	if (strlen(str) >= sizeof(lowstr))
+		elog(ERROR, "Bad timestamp external representation (too long) '%s'", str);
 
 	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
 	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
@@ -251,7 +254,11 @@ timestamptz_in(PG_FUNCTION_ARGS)
 	int			nf;
 	char	   *field[MAXDATEFIELDS];
 	int			ftype[MAXDATEFIELDS];
-	char		lowstr[MAXDATELEN + 1];
+	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
+
+	if (strlen(str) >= sizeof(lowstr))
+		elog(ERROR, "Bad timestamp with time zone"
+			 " external representation (too long) '%s'", str);
 
 	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
 	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
@@ -359,7 +366,7 @@ interval_in(PG_FUNCTION_ARGS)
 	int			nf;
 	char	   *field[MAXDATEFIELDS];
 	int			ftype[MAXDATEFIELDS];
-	char		lowstr[MAXDATELEN + 1];
+	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
 
 	tm->tm_year = 0;
 	tm->tm_mon = 0;
@@ -369,6 +376,9 @@ interval_in(PG_FUNCTION_ARGS)
 	tm->tm_sec = 0;
 	fsec = 0;
 
+	if (strlen(str) >= sizeof(lowstr))
+		elog(ERROR, "Bad interval external representation (too long) '%s'", str);
+
 	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
 		|| (DecodeInterval(field, ftype, nf, &dtype, tm, &fsec) != 0))
 		elog(ERROR, "Bad interval external representation '%s'", str);
@@ -436,8 +446,6 @@ interval_scale(PG_FUNCTION_ARGS)
 	PG_RETURN_INTERVAL_P(result);
 }
 
-#define MASK(b) (1 << (b))
-
 static void
 AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 {
@@ -483,31 +491,34 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 	};
 #endif
 
+	/* Unspecified range and precision? Then not necessary to adjust.
+	 * Setting typmod to -1 is the convention for all types.
+	 */
 	if (typmod != -1)
 	{
-		int			range = ((typmod >> 16) & 0x7FFF);
-		int			precision = (typmod & 0xFFFF);
+		int			range = INTERVAL_RANGE(typmod);
+		int			precision = INTERVAL_PRECISION(typmod);
 
-		if (range == 0x7FFF)
+		if (range == INTERVAL_FULL_RANGE)
 		{
 			/* Do nothing... */
 		}
-		else if (range == MASK(YEAR))
+		else if (range == INTERVAL_MASK(YEAR))
 		{
 			interval->month = ((interval->month / 12) * 12);
 			interval->time = 0;
 		}
-		else if (range == MASK(MONTH))
+		else if (range == INTERVAL_MASK(MONTH))
 		{
 			interval->month %= 12;
 			interval->time = 0;
 		}
 		/* YEAR TO MONTH */
-		else if (range == (MASK(YEAR) | MASK(MONTH)))
+		else if (range == (INTERVAL_MASK(YEAR) | INTERVAL_MASK(MONTH)))
 		{
 			interval->time = 0;
 		}
-		else if (range == MASK(DAY))
+		else if (range == INTERVAL_MASK(DAY))
 		{
 			interval->month = 0;
 #ifdef HAVE_INT64_TIMESTAMP
@@ -517,7 +528,7 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 			interval->time = (((int) (interval->time / 86400)) * 86400);
 #endif
 		}
-		else if (range == MASK(HOUR))
+		else if (range == INTERVAL_MASK(HOUR))
 		{
 #ifdef HAVE_INT64_TIMESTAMP
 			int64		day;
@@ -536,7 +547,7 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 			interval->time = (((int) (interval->time / 3600)) * 3600.0);
 #endif
 		}
-		else if (range == MASK(MINUTE))
+		else if (range == INTERVAL_MASK(MINUTE))
 		{
 #ifdef HAVE_INT64_TIMESTAMP
 			int64		hour;
@@ -555,7 +566,7 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 			interval->time = (((int) (interval->time / 60)) * 60);
 #endif
 		}
-		else if (range == MASK(SECOND))
+		else if (range == INTERVAL_MASK(SECOND))
 		{
 #ifdef HAVE_INT64_TIMESTAMP
 			int64		minute;
@@ -573,7 +584,8 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 #endif
 		}
 		/* DAY TO HOUR */
-		else if (range == (MASK(DAY) | MASK(HOUR)))
+		else if (range == (INTERVAL_MASK(DAY) |
+						   INTERVAL_MASK(HOUR)))
 		{
 			interval->month = 0;
 #ifdef HAVE_INT64_TIMESTAMP
@@ -584,7 +596,9 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 #endif
 		}
 		/* DAY TO MINUTE */
-		else if (range == (MASK(DAY) | MASK(HOUR) | MASK(MINUTE)))
+		else if (range == (INTERVAL_MASK(DAY) |
+						   INTERVAL_MASK(HOUR) |
+						   INTERVAL_MASK(MINUTE)))
 		{
 			interval->month = 0;
 #ifdef HAVE_INT64_TIMESTAMP
@@ -595,12 +609,16 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 #endif
 		}
 		/* DAY TO SECOND */
-		else if (range == (MASK(DAY) | MASK(HOUR) | MASK(MINUTE) | MASK(SECOND)))
+		else if (range == (INTERVAL_MASK(DAY) |
+						   INTERVAL_MASK(HOUR) |
+						   INTERVAL_MASK(MINUTE) |
+						   INTERVAL_MASK(SECOND)))
 		{
 			interval->month = 0;
 		}
 		/* HOUR TO MINUTE */
-		else if (range == (MASK(HOUR) | MASK(MINUTE)))
+		else if (range == (INTERVAL_MASK(HOUR) |
+						   INTERVAL_MASK(MINUTE)))
 		{
 #ifdef HAVE_INT64_TIMESTAMP
 			int64		day;
@@ -620,7 +638,9 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 #endif
 		}
 		/* HOUR TO SECOND */
-		else if (range == (MASK(HOUR) | MASK(MINUTE) | MASK(SECOND)))
+		else if (range == (INTERVAL_MASK(HOUR) |
+						   INTERVAL_MASK(MINUTE) |
+						   INTERVAL_MASK(SECOND)))
 		{
 #ifdef HAVE_INT64_TIMESTAMP
 			int64		day;
@@ -637,7 +657,8 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 #endif
 		}
 		/* MINUTE TO SECOND */
-		else if (range == (MASK(MINUTE) | MASK(SECOND)))
+		else if (range == (INTERVAL_MASK(MINUTE) |
+						   INTERVAL_MASK(SECOND)))
 		{
 #ifdef HAVE_INT64_TIMESTAMP
 			int64		hour;
@@ -657,7 +678,7 @@ AdjustIntervalForTypmod(Interval *interval, int32 typmod)
 			elog(ERROR, "AdjustIntervalForTypmod(): internal coding error");
 
 		/* Need to adjust precision? If not, don't even try! */
-		if (precision != 0xFFFF)
+		if (precision != INTERVAL_FULL_PRECISION)
 		{
 			if ((precision < 0) || (precision > MAX_INTERVAL_PRECISION))
 				elog(ERROR, "INTERVAL(%d) precision must be between %d and %d",

src/backend/utils/adt/varlena.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.86 2002/06/20 20:29:38 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.87 2002/08/04 06:44:47 thomas Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -550,7 +550,7 @@ varstr_cmp(char *arg1, int len1, char *arg2, int len2)
 	/*
 	 * Unfortunately, there is no strncoll(), so in the non-C locale
 	 * case we have to do some memory copying.  This turns out to be
-	 * significantly slower, so we optimize the case were LC_COLLATE
+	 * significantly slower, so we optimize the case where LC_COLLATE
 	 * is C.
 	 */
 	if (!lc_collate_is_c())