diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2009-01-29 19:24:37 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2009-01-29 19:24:37 +0000 |
| commit | 7eed9ca39722eb46fcb1869abc02292724b585b1 (patch) | |
| tree | 45b24c22ec0e9382693dad69623cc981dacada8a /src/backend/utils/mb/wchar.c | |
| parent | 53759b01ff8746917e6e185de8601154be14c03b (diff) | |
Replace argument-checking Asserts with regular test-and-elog checks in all
encoding conversion functions. These are not can't-happen cases because
it's possible to create a conversion with the wrong conversion function
for the specified encoding pair. That would lead to an Assert crash in
an Assert-enabled build, or incorrect conversion otherwise, neither of
which is desirable. This would be a DOS issue if production databases
were customarily built with asserts enabled, but fortunately that's not so.
Per an observation by Heikki.
Back-patch to all supported branches.
Diffstat (limited to 'src/backend/utils/mb/wchar.c')
| -rw-r--r-- | src/backend/utils/mb/wchar.c | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/src/backend/utils/mb/wchar.c b/src/backend/utils/mb/wchar.c index 5e841629d82..f2206902f41 100644 --- a/src/backend/utils/mb/wchar.c +++ b/src/backend/utils/mb/wchar.c @@ -1,7 +1,7 @@ /* * conversion functions between pg_wchar and multibyte streams. * Tatsuo Ishii - * $PostgreSQL: pgsql/src/backend/utils/mb/wchar.c,v 1.47.2.7 2008/10/27 19:37:42 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/utils/mb/wchar.c,v 1.47.2.8 2009/01/29 19:24:37 tgl Exp $ * * WIN1250 client encoding updated by Pavel Behal * @@ -1327,6 +1327,39 @@ pg_verify_mbstr(int encoding, const char *mbstr, int len, bool noError) } /* + * check_encoding_conversion_args: check arguments of a conversion function + * + * "expected" arguments can be either an encoding ID or -1 to indicate that + * the caller will check whether it accepts the ID. + * + * Note: the errors here are not really user-facing, so elog instead of + * ereport seems sufficient. Also, we trust that the "expected" encoding + * arguments are valid encoding IDs, but we don't trust the actuals. + */ +void +check_encoding_conversion_args(int src_encoding, + int dest_encoding, + int len, + int expected_src_encoding, + int expected_dest_encoding) +{ + if (!PG_VALID_ENCODING(src_encoding)) + elog(ERROR, "invalid source encoding ID: %d", src_encoding); + if (src_encoding != expected_src_encoding && expected_src_encoding >= 0) + elog(ERROR, "expected source encoding \"%s\", but got \"%s\"", + pg_enc2name_tbl[expected_src_encoding].name, + pg_enc2name_tbl[src_encoding].name); + if (!PG_VALID_ENCODING(dest_encoding)) + elog(ERROR, "invalid destination encoding ID: %d", dest_encoding); + if (dest_encoding != expected_dest_encoding && expected_dest_encoding >= 0) + elog(ERROR, "expected destination encoding \"%s\", but got \"%s\"", + pg_enc2name_tbl[expected_dest_encoding].name, + pg_enc2name_tbl[dest_encoding].name); + if (len < 0) + elog(ERROR, "encoding conversion length must not be negative"); +} + +/* * report_invalid_encoding: complain about invalid multibyte character * * note: len is remaining length of string, not length of character; |