Hello everyone,
In src/backend/utils/adt/formatting.c:1516, there is a get_th() function utilized to return ST/ND/RD/TH suffixes for
simplenumbers.
Upon reviewing its behavior, it appears capable of receiving non-numeric inputs (this is verified by a check at
formatting.c:1527).
Given that the function can accept non-numeric inputs,
it is plausible that it could also receive an empty input,
although a brief examination of its calls did not reveal any such instances.
Nevertheless, if the function were to receive an empty input of zero length,
a buffer underflow would occur when attempting to compute *(num + (len - 1)), as (len - 1) would result in a negative
shift.
To mitigate this issue, I propose a patch incorporating the zero_length_character_string error code, as detailed in the
attachment.
--
Best regards,
Alexander Kuznetsov