Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
> The input function of the money type has no overflow checks:
Ugh.
> (Is checking for < 0 a valid overflow check?
No, I don't think it's sufficient after a multiplication by 10. That
would be enough to shift some bits clear out of the word, but there's
no certainty that the new sign bit would be 1.
The scheme used in scanint8 is safe. But I think it was written that way
mainly to avoid hard-wired assumptions about how wide int64 is, a
consideration that's a mite obsolete now. You could possibly avoid the
cost of a division by relying on comparisons to PG_INT64_MAX/10.
regards, tom lane
