Re: Seg-fault in format(text)

Dean Rasheed <dean.a.rasheed@gmail.com> writes:
> Testing 9.1beta:
> select format('Hello %s, %2147483648$s', 'World');
> server closed the connection unexpectedly

Yeah, same here.

>               do
>               {
>                   /* Treat overflowing arg position as unterminated. */
> !                 if (arg > INT_MAX / 10)
>                       break;
>                   arg = arg * 10 + (*cp - '0');
>                   ++cp;
> --- 3837,3843 ----
>               do
>               {
>                   /* Treat overflowing arg position as unterminated. */
> !                 if (arg >= INT_MAX / 10)
>                       break;
>                   arg = arg * 10 + (*cp - '0');
>                   ++cp;

Not sure I trust this fix to catch all cases --- seems like the addition
could still overflow.  It'd probably be better if we made this code look
like the overflow test in scanint8:

        int64        newtmp = tmp * 10 + (*ptr++ - '0');

        if ((newtmp / 10) != tmp)        /* overflow? */


            regards, tom lane