On 16.05.24 01:11, Michael Paquier wrote:
> On Wed, May 15, 2024 at 01:59:36PM +0200, Peter Eisentraut wrote:
>> On 14.05.24 18:07, Erik Wienhold wrote:
>>> Patch 0002 replaces atol with pg_strtoint32_safe in the backend parser
>>> and strtoint in ECPG. This fixes overflows like:
>>
>> Seems like a good idea, but as was said, this is an older issue, so let's
>> look at that separately.
>
> Hmm, yeah. I would be really tempted to fix that now.
>
> Now, it has been this way for ages, and with my RMT hat on (aka I need
> to show the example), I'd suggest to wait for when the v18 branch
> opens as there is no urgency. I'm OK to apply it myself at the end,
> the patch is a good idea.
On this specific patch, maybe reword "parameter too large" to "parameter
number too large".
Also, I was bemused by the use of atol(), which is notoriously
unportable (sizeof(long)). So I poked around and found more places that
might need fixing. I'm attaching a patch here with annotations too look
at later.
