diff options
| -rw-r--r-- | src/backend/utils/adt/float.c | 44 | ||||
| -rw-r--r-- | src/backend/utils/adt/int8.c | 22 | ||||
| -rw-r--r-- | src/backend/utils/adt/timestamp.c | 2 | ||||
| -rw-r--r-- | src/bin/pgbench/pgbench.c | 5 | ||||
| -rw-r--r-- | src/include/c.h | 24 | ||||
| -rw-r--r-- | src/test/regress/expected/interval.out | 3 | ||||
| -rw-r--r-- | src/test/regress/sql/interval.sql | 3 |
7 files changed, 46 insertions, 57 deletions
diff --git a/src/backend/utils/adt/float.c b/src/backend/utils/adt/float.c index 79573f14d5..8b81d123bf 100644 --- a/src/backend/utils/adt/float.c +++ b/src/backend/utils/adt/float.c @@ -1227,15 +1227,8 @@ dtoi4(PG_FUNCTION_ARGS) */ num = rint(num); - /* - * Range check. We must be careful here that the boundary values are - * expressed exactly in the float domain. We expect PG_INT32_MIN to be an - * exact power of 2, so it will be represented exactly; but PG_INT32_MAX - * isn't, and might get rounded off, so avoid using it. - */ - if (num < (float8) PG_INT32_MIN || - num >= -((float8) PG_INT32_MIN) || - isnan(num)) + /* Range check */ + if (isnan(num) || !FLOAT8_FITS_IN_INT32(num)) ereport(ERROR, (errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE), errmsg("integer out of range"))); @@ -1259,15 +1252,8 @@ dtoi2(PG_FUNCTION_ARGS) */ num = rint(num); - /* - * Range check. We must be careful here that the boundary values are - * expressed exactly in the float domain. We expect PG_INT16_MIN to be an - * exact power of 2, so it will be represented exactly; but PG_INT16_MAX - * isn't, and might get rounded off, so avoid using it. - */ - if (num < (float8) PG_INT16_MIN || - num >= -((float8) PG_INT16_MIN) || - isnan(num)) + /* Range check */ + if (isnan(num) || !FLOAT8_FITS_IN_INT16(num)) ereport(ERROR, (errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE), errmsg("smallint out of range"))); @@ -1315,15 +1301,8 @@ ftoi4(PG_FUNCTION_ARGS) */ num = rint(num); - /* - * Range check. We must be careful here that the boundary values are - * expressed exactly in the float domain. We expect PG_INT32_MIN to be an - * exact power of 2, so it will be represented exactly; but PG_INT32_MAX - * isn't, and might get rounded off, so avoid using it. - */ - if (num < (float4) PG_INT32_MIN || - num >= -((float4) PG_INT32_MIN) || - isnan(num)) + /* Range check */ + if (isnan(num) || !FLOAT4_FITS_IN_INT32(num)) ereport(ERROR, (errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE), errmsg("integer out of range"))); @@ -1347,15 +1326,8 @@ ftoi2(PG_FUNCTION_ARGS) */ num = rint(num); - /* - * Range check. We must be careful here that the boundary values are - * expressed exactly in the float domain. We expect PG_INT16_MIN to be an - * exact power of 2, so it will be represented exactly; but PG_INT16_MAX - * isn't, and might get rounded off, so avoid using it. - */ - if (num < (float4) PG_INT16_MIN || - num >= -((float4) PG_INT16_MIN) || - isnan(num)) + /* Range check */ + if (isnan(num) || !FLOAT4_FITS_IN_INT16(num)) ereport(ERROR, (errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE), errmsg("smallint out of range"))); diff --git a/src/backend/utils/adt/int8.c b/src/backend/utils/adt/int8.c index 62f54c12d5..c04d3abcef 100644 --- a/src/backend/utils/adt/int8.c +++ b/src/backend/utils/adt/int8.c @@ -1351,15 +1351,8 @@ dtoi8(PG_FUNCTION_ARGS) */ num = rint(num); - /* - * Range check. We must be careful here that the boundary values are - * expressed exactly in the float domain. We expect PG_INT64_MIN to be an - * exact power of 2, so it will be represented exactly; but PG_INT64_MAX - * isn't, and might get rounded off, so avoid using it. - */ - if (num < (float8) PG_INT64_MIN || - num >= -((float8) PG_INT64_MIN) || - isnan(num)) + /* Range check */ + if (isnan(num) || !FLOAT8_FITS_IN_INT64(num)) ereport(ERROR, (errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE), errmsg("bigint out of range"))); @@ -1393,15 +1386,8 @@ ftoi8(PG_FUNCTION_ARGS) */ num = rint(num); - /* - * Range check. We must be careful here that the boundary values are - * expressed exactly in the float domain. We expect PG_INT64_MIN to be an - * exact power of 2, so it will be represented exactly; but PG_INT64_MAX - * isn't, and might get rounded off, so avoid using it. - */ - if (num < (float4) PG_INT64_MIN || - num >= -((float4) PG_INT64_MIN) || - isnan(num)) + /* Range check */ + if (isnan(num) || !FLOAT4_FITS_IN_INT64(num)) ereport(ERROR, (errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE), errmsg("bigint out of range"))); diff --git a/src/backend/utils/adt/timestamp.c b/src/backend/utils/adt/timestamp.c index f211bd05e0..5c0fdb7d3b 100644 --- a/src/backend/utils/adt/timestamp.c +++ b/src/backend/utils/adt/timestamp.c @@ -3504,7 +3504,7 @@ interval_mul(PG_FUNCTION_ARGS) result->day += (int32) month_remainder_days; #ifdef HAVE_INT64_TIMESTAMP result_double = rint(span->time * factor + sec_remainder * USECS_PER_SEC); - if (result_double > PG_INT64_MAX || result_double < PG_INT64_MIN) + if (isnan(result_double) || !FLOAT8_FITS_IN_INT64(result_double)) ereport(ERROR, (errcode(ERRCODE_DATETIME_VALUE_OUT_OF_RANGE), errmsg("interval out of range"))); diff --git a/src/bin/pgbench/pgbench.c b/src/bin/pgbench/pgbench.c index 43841e8eb4..2ccab93fbe 100644 --- a/src/bin/pgbench/pgbench.c +++ b/src/bin/pgbench/pgbench.c @@ -1160,10 +1160,11 @@ coerceToInt(PgBenchValue *pval, int64 *ival) } else { - double dval = pval->u.dval; + double dval; Assert(pval->type == PGBT_DOUBLE); - if (dval < PG_INT64_MIN || PG_INT64_MAX < dval) + dval = rint(pval->u.dval); + if (isnan(dval) || !FLOAT8_FITS_IN_INT64(dval)) { fprintf(stderr, "double to int overflow for %f\n", dval); return false; diff --git a/src/include/c.h b/src/include/c.h index 3199be3054..bbd2870134 100644 --- a/src/include/c.h +++ b/src/include/c.h @@ -943,6 +943,30 @@ typedef NameData *Name; *_start++ = 0; \ } while (0) +/* + * Macros for range-checking float values before converting to integer. + * We must be careful here that the boundary values are expressed exactly + * in the float domain. PG_INTnn_MIN is an exact power of 2, so it will + * be represented exactly; but PG_INTnn_MAX isn't, and might get rounded + * off, so avoid using that. + * The input must be rounded to an integer beforehand, typically with rint(), + * else we might draw the wrong conclusion about close-to-the-limit values. + * These macros will do the right thing for Inf, but not necessarily for NaN, + * so check isnan(num) first if that's a possibility. + */ +#define FLOAT4_FITS_IN_INT16(num) \ + ((num) >= (float4) PG_INT16_MIN && (num) < -((float4) PG_INT16_MIN)) +#define FLOAT4_FITS_IN_INT32(num) \ + ((num) >= (float4) PG_INT32_MIN && (num) < -((float4) PG_INT32_MIN)) +#define FLOAT4_FITS_IN_INT64(num) \ + ((num) >= (float4) PG_INT64_MIN && (num) < -((float4) PG_INT64_MIN)) +#define FLOAT8_FITS_IN_INT16(num) \ + ((num) >= (float8) PG_INT16_MIN && (num) < -((float8) PG_INT16_MIN)) +#define FLOAT8_FITS_IN_INT32(num) \ + ((num) >= (float8) PG_INT32_MIN && (num) < -((float8) PG_INT32_MIN)) +#define FLOAT8_FITS_IN_INT64(num) \ + ((num) >= (float8) PG_INT64_MIN && (num) < -((float8) PG_INT64_MIN)) + /* ---------------------------------------------------------------- * Section 8: random stuff diff --git a/src/test/regress/expected/interval.out b/src/test/regress/expected/interval.out index f88f34550a..f772909e49 100644 --- a/src/test/regress/expected/interval.out +++ b/src/test/regress/expected/interval.out @@ -232,6 +232,9 @@ INSERT INTO INTERVAL_TBL_OF (f1) VALUES ('-2147483648 years'); ERROR: interval out of range LINE 1: INSERT INTO INTERVAL_TBL_OF (f1) VALUES ('-2147483648 years'... ^ +-- Test edge-case overflow detection in interval multiplication +select extract(epoch from '256 microseconds'::interval * (2^55)::float8); +ERROR: interval out of range SELECT r1.*, r2.* FROM INTERVAL_TBL_OF r1, INTERVAL_TBL_OF r2 WHERE r1.f1 > r2.f1 diff --git a/src/test/regress/sql/interval.sql b/src/test/regress/sql/interval.sql index bc5537d1b9..eb1e84f053 100644 --- a/src/test/regress/sql/interval.sql +++ b/src/test/regress/sql/interval.sql @@ -73,6 +73,9 @@ INSERT INTO INTERVAL_TBL_OF (f1) VALUES ('-2147483649 days'); INSERT INTO INTERVAL_TBL_OF (f1) VALUES ('2147483647 years'); INSERT INTO INTERVAL_TBL_OF (f1) VALUES ('-2147483648 years'); +-- Test edge-case overflow detection in interval multiplication +select extract(epoch from '256 microseconds'::interval * (2^55)::float8); + SELECT r1.*, r2.* FROM INTERVAL_TBL_OF r1, INTERVAL_TBL_OF r2 WHERE r1.f1 > r2.f1 |