Robert Haas <robertmhaas@gmail.com> writes:
> On Tue, May 4, 2010 at 10:29 AM, Kevin Grittner
> <Kevin.Grittner@wicourts.gov> wrote:
>> We have maintained nonstandard behavior in the past for
>> compatibility reasons, so it's a fair question; however, I'm
>> inclined toward the standard on this one.
> In a case like this, it seems unlikely that someone would be counting
> on a negative value to throw an error, so I tend to regard doing
> something else as an extension of the standard rather than a deviation
> from it. But I don't have strong feelings about it.
The reason we changed it is that our other versions of substring()
already had the spec-required behavior of throwing error for negative
length. Only the bit/varbit implementation was out of step.
The OP did not state that this behavioral change broke his application,
anyway. I suspect the actual subtext is that he's poking into the
vulnerability report that was issued against the unpatched code.
regards, tom lane