Hi,
On Wed, Apr 07, 2021 at 09:09:25AM +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 16953
> Logged by: Theodor Arsenij Larionov-Trichkin
> Email address: t.larionov@postgrespro.ru
> PostgreSQL version: 13.2
> Operating system: Ubuntu 20.04.2 LTS
> Description:
>
> 9. Performing this query will result in OOB access of rm_months_lower array
> and as a result crash: SELECT * from TO_CHAR(interval '-1Mon', 'rm');
>
> Output:
> [...]
> terminated by signal 11: Segmentation fault
> 2021-04-07 12:08:01.013 MSK [33887] DETAIL: Failed process was running:
> SELECT * from TO_CHAR(interval '-1Mon', 'rm');
Indeed, thanks a lot for the report!
It's because rm/RM are computed in a way that doesn't play nice with negative
values:
    sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -4,
            rm_months_lower[MONTHS_PER_YEAR - tm->tm_mon]);
PFA a naive patch to fix this problem with some regression tests. I'm assuming
that -1 month should be January and not December. I had a quick look at the
rest of formatting.c and didn't spot any similar problem, but another pair of
eyes wouldn't hurt.
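
Added example, not part of the original message and not the attached patch: a small stand-alone C model of the index expression quoted above, showing which tm_mon values leave the table and one way to bounds-check the lookup. The table rm_lower, the helper names and the sample inputs are constructed for illustration; the negative-month mapping follows the assumption stated in the message (-1 month is January).

```c
#include <stdio.h>

#define MONTHS_PER_YEAR 12

/* Constructed stand-in table: roman numerals stored December-first. */
static const char *const rm_lower[MONTHS_PER_YEAR] = {
    "xii", "xi", "x", "ix", "viii", "vii", "vi", "v", "iv", "iii", "ii", "i"
};

/* Index produced by the expression quoted in the message. */
static int rm_index_unchecked(int tm_mon)
{
    return MONTHS_PER_YEAR - tm_mon;
}

/* 1 if idx addresses one of the 12 numerals, 0 otherwise. */
static int rm_index_in_bounds(int idx)
{
    return idx >= 0 && idx < MONTHS_PER_YEAR;
}

/* Hypothetical checked lookup: rejects 0 and values outside -12..12, and maps
 * a negative month by magnitude (-1 -> "i"), per the message's assumption. */
static const char *rm_lookup_checked(int tm_mon)
{
    if (tm_mon == 0 || tm_mon < -MONTHS_PER_YEAR || tm_mon > MONTHS_PER_YEAR)
        return NULL;
    return rm_lower[MONTHS_PER_YEAR - (tm_mon < 0 ? -tm_mon : tm_mon)];
}

int main(void)
{
    static const int samples[] = { 1, 12, -1, -12, 0, 13 };  /* constructed inputs */
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    {
        int idx = rm_index_unchecked(samples[i]);
        const char *rm = rm_lookup_checked(samples[i]);

        printf("tm_mon=%3d unchecked index=%2d (%s) checked=%s\n",
               samples[i], idx,
               rm_index_in_bounds(idx) ? "in bounds" : "OUT OF BOUNDS",
               rm ? rm : "(rejected)");
    }
    return 0;
}
```

The unchecked index is only computed and classified here, never dereferenced, so the program runs cleanly while still showing that every negative tm_mon lands past the end of the table.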