> It's capable of throwing an error (see timestamp2timestamptz_opt_overflow).
Yes, It's capable of throwing an error(timestamp out of range) , but the message "timestamp out of range" is not sensitive information. Only from this function(timestamp_gt_timestamptz), can it be marked as leakproof?
"qiumingcheng" <qiumingcheng@aliyun.com> writes: > 2. What's the reason about the function timestamp_gt_timestampz may cause data leakage? Can you explain how it causes data leakage?
It's capable of throwing an error (see timestamp2timestamptz_opt_overflow). Now, maybe that's unreachable, or maybe we could rerrange things to remove it. But there's still enough code underneath the timezone conversion requirement that I'd be very hesitant to apply a leakproof marking. In short: it might be leakproof in practice, but we don't wish to offer a guarantee.