From 8fb3b6e3a6c53ec67560684b77f95dde414a5f2d Mon Sep 17 00:00:00 2001
From: Alexander Kuznetsov
Date: Wed, 24 Jul 2024 12:31:45 +0300
Subject: [PATCH] Detect buffer underflow in get_th()

If get_th() can receive input that is not a number, then it can also receive empty input. Empty input with zero length can result in a buffer underflow when accessing *(num + (len - 1)), as (len - 1) would produce a negative index. Add a check for zero-length input to prevent it. This was found by ALT Linux Team.
---
 src/backend/utils/adt/formatting.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/backend/utils/adt/formatting.c b/src/backend/utils/adt/formatting.c
index 5bd1e01f7e46..fb2706134764 100644
--- a/src/backend/utils/adt/formatting.c
+++ b/src/backend/utils/adt/formatting.c
@@ -1565,6 +1565,11 @@ get_th(char *num, int type)
 int len = strlen(num),
 last;
 
+ if (len == 0)
+ ereport(ERROR,
+ (errcode(ERRCODE_ZERO_LENGTH_CHARACTER_STRING),
+ errmsg("input cannot be empty string")));
+
 last = *(num + (len - 1));
 if (!isdigit((unsigned char) last))
 ereport(ERROR,
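Review bot: The new `len == 0` branch in get_th() raises a user-facing `ereport` with its own SQLSTATE and a translatable message, but neither the hunk nor the commit message (which is phrased conditionally) shows a caller that can pass an empty string, and the diffstat touches only formatting.c, so no regression test covers the new path. If the condition is reachable from SQL, a test that triggers it should accompany the fix. If it is only an internal invariant, PostgreSQL convention would favour `elog(ERROR, "get_th() called with empty string")` or `Assert(len > 0)` over a new translatable message. Either way, a comment above the check such as `/* num[len - 1] would read one byte before the buffer when len is 0 */` would record why the guard must precede the dereference. The body of get_th() starts and ends outside this hunk, so the rest of its error handling could not be compared.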