Thread: BUG #18200: Undefined behaviour in interval_div
The following bug has been logged on the website: Bug reference: 18200 Logged by: Alexander Lakhin Email address: exclusion@gmail.com PostgreSQL version: 16.1 Operating system: Ubuntu 22.04 Description: The following query: SELECT interval '12000000 months' / 0.001; triggers an ubsan-detected error: timestamp.c:3408:18: runtime error: 1.2e+10 is outside the range of representable values of type 'int' Without ubsan the result is: -178956970 years -8 mons -2562047788:00:54.775808 This bogus value returned on REL_15_STABLE .. master, but on e39f99046~1 I get: ERROR: interval out of range without ubsan. Though with the sanitizer I see the same complaint (and it can be seen on previous branches including REL_12_STABLE): timestamp.c:3318:18: runtime error: 1.2e+10 is outside the range of representable values of type 'int'
On Wed, 2023-11-15 at 13:00 +0000, PG Bug reporting form wrote: > The following query: > SELECT interval '12000000 months' / 0.001; > > triggers an ubsan-detected error: > timestamp.c:3408:18: runtime error: 1.2e+10 is outside the range of > representable values of type 'int' > > Without ubsan the result is: > -178956970 years -8 mons -2562047788:00:54.775808 How about the attached fix? Yours, Laurenz Albe
Attachment
On Wed, 15 Nov 2023 at 17:23, Laurenz Albe <laurenz.albe@cybertec.at> wrote: > > How about the attached fix? > I don't think that's sufficient -- interval_div() should have all the same overflow protections that interval_mul() has, since they're basically doing the same thing. However, I don't think that's sufficient either -- looking at interval_mul(), there is nothing to prevent integer overflow when cascading down, so additional checks are needed there too (in both functions). Regards, Dean
On Wed, 15 Nov 2023 at 18:14, Dean Rasheed <dean.a.rasheed@gmail.com> wrote: > > looking at > interval_mul(), there is nothing to prevent integer overflow when > cascading down, so additional checks are needed there too (in both > functions). > Here's a patch doing that. I'm inclined to back-patch this, because this seems like something that's quite easily triggered, and returning bogus results is not good. Regards, Dean
Attachment
On Wed, 15 Nov 2023 at 22:41, Dean Rasheed <dean.a.rasheed@gmail.com> wrote: > > On Wed, 15 Nov 2023 at 18:14, Dean Rasheed <dean.a.rasheed@gmail.com> wrote: > > > > looking at > > interval_mul(), there is nothing to prevent integer overflow when > > cascading down, so additional checks are needed there too (in both > > functions). > > Here's a patch doing that. I'm inclined to back-patch this > Pushed and back-patched. Regards, Dean