diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2020-06-04 16:42:08 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2020-06-04 16:42:23 -0400 |
| commit | a9632830bb05dc98ae24017cafc652e4a66d44a8 (patch) | |
| tree | 04cfd1774c957b6998651324ef1d43b5677b26f8 /src/backend/utils/adt/timestamp.c | |
| parent | f5067049cde38cd0d6333a5e3bf1bed8d99e6f44 (diff) | |
| download | postgresql-a9632830bb05dc98ae24017cafc652e4a66d44a8.tar.gz postgresql-a9632830bb05dc98ae24017cafc652e4a66d44a8.zip | |
Reject "23:59:60.nnn" in datetime input.
It's intentional that we don't allow values greater than 24 hours,
while we do allow "24:00:00" as well as "23:59:60" as inputs.
However, the range check was miscoded in such a way that it would
accept "23:59:60.nnn" with a nonzero fraction. For time or timetz,
the stored result would then be greater than "24:00:00" which would
fail dump/reload, not to mention possibly confusing other operations.
Fix by explicitly calculating the result and making sure it does not
exceed 24 hours. (This calculation is redundant with what will happen
later in tm2time or tm2timetz. Maybe someday somebody will find that
annoying enough to justify refactoring to avoid the duplication; but
that seems too invasive for a back-patched bug fix, and the cost is
probably unmeasurable anyway.)
Note that this change also rejects such input as the time portion
of a timestamp(tz) value.
Back-patch to v10. The bug is far older, but to change this pre-v10
we'd need to ensure that the logic behaves sanely with float timestamps,
which is possibly nontrivial due to roundoff considerations.
Doesn't really seem worth troubling with.
Per report from Christoph Berg.
Discussion: https://postgr.es/m/20200520125807.GB296739@msg.df7cb.de
Diffstat (limited to 'src/backend/utils/adt/timestamp.c')
| -rw-r--r-- | src/backend/utils/adt/timestamp.c | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/src/backend/utils/adt/timestamp.c b/src/backend/utils/adt/timestamp.c index 7ea97d0c8e5..5fe304cea75 100644 --- a/src/backend/utils/adt/timestamp.c +++ b/src/backend/utils/adt/timestamp.c @@ -32,6 +32,7 @@ #include "parser/scansup.h" #include "utils/array.h" #include "utils/builtins.h" +#include "utils/date.h" #include "utils/datetime.h" #include "utils/float.h" @@ -581,18 +582,8 @@ make_timestamp_internal(int year, int month, int day, date = date2j(tm.tm_year, tm.tm_mon, tm.tm_mday) - POSTGRES_EPOCH_JDATE; - /* - * This should match the checks in DecodeTimeOnly, except that since we're - * dealing with a float "sec" value, we also explicitly reject NaN. (An - * infinity input should get rejected by the range comparisons, but we - * can't be sure how those will treat a NaN.) - */ - if (hour < 0 || min < 0 || min > MINS_PER_HOUR - 1 || - isnan(sec) || - sec < 0 || sec > SECS_PER_MINUTE || - hour > HOURS_PER_DAY || - /* test for > 24:00:00 */ - (hour == HOURS_PER_DAY && (min > 0 || sec > 0))) + /* Check for time overflow */ + if (float_time_overflows(hour, min, sec)) ereport(ERROR, (errcode(ERRCODE_DATETIME_FIELD_OVERFLOW), errmsg("time field value out of range: %d:%02d:%02g", @@ -600,7 +591,7 @@ make_timestamp_internal(int year, int month, int day, /* This should match tm2time */ time = (((hour * MINS_PER_HOUR + min) * SECS_PER_MINUTE) - * USECS_PER_SEC) + rint(sec * USECS_PER_SEC); + * USECS_PER_SEC) + (int64) rint(sec * USECS_PER_SEC); result = date * USECS_PER_DAY + time; /* check for major overflow */ |