Fix thinko introduced in 6b423ec

david-rowley · david-rowley · commit 8692f6644e71 · 2022-12-05T11:55:05.000+13:00
As pointed out by Dean Rasheed, we really should be using tmp > -(PG_INTNN_MIN / 10) rather than tmp > (PG_INTNN_MAX / 10) for checking for overflows in the accumulation in the pg_strtointNN functions. This does happen to be the same number when dividing by 10, but there is a pending patch which adds other bases and this is not the same number if we were to divide by 2 rather than 10, for example. If the base 2 parsing was to follow this example then we could accidentally think a string containing the value of PG_INT32_MIN was an overflow in pg_strtoint32. Clearly that shouldn't overflow. This does not fix any actual live bugs, only some bad examples of overflow checks for future bases. Reported-by: Dean Rasheed Discussion: https://postgr.es/m/CAEZATCVEtwfhdm-K-etZYFB0=qsR0nT6qXta_W+GQx4RYph1dg@mail.gmail.com
diff --git a/src/backend/utils/adt/numutils.c b/src/backend/utils/adt/numutils.c
@@ -122,7 +122,7 @@ pg_strtoint16(const char *s)
 	/* process digits */
 	while (*ptr && isdigit((unsigned char) *ptr))
 	{
-		if (unlikely(tmp > (PG_INT16_MAX / 10)))
+		if (unlikely(tmp > -(PG_INT16_MIN / 10)))
 			goto out_of_range;
 
 		tmp = tmp * 10 + (*ptr++ - '0');
@@ -200,7 +200,7 @@ pg_strtoint32(const char *s)
 	/* process digits */
 	while (*ptr && isdigit((unsigned char) *ptr))
 	{
-		if (unlikely(tmp > (PG_INT32_MAX / 10)))
+		if (unlikely(tmp > -(PG_INT32_MIN / 10)))
 			goto out_of_range;
 
 		tmp = tmp * 10 + (*ptr++ - '0');
@@ -278,7 +278,7 @@ pg_strtoint64(const char *s)
 	/* process digits */
 	while (*ptr && isdigit((unsigned char) *ptr))
 	{
-		if (unlikely(tmp > (PG_INT64_MAX / 10)))
+		if (unlikely(tmp > -(PG_INT64_MIN / 10)))
 			goto out_of_range;
 
 		tmp = tmp * 10 + (*ptr++ - '0');
