[Tile-serving] [openstreetmap/osm2pgsql] Avoid crashing on out-of-range inputs for int4 columns (#956)

[Andy Allan]

gravitystorm commented on this pull request.



> @@ -457,12 +457,21 @@ void table_t::escape_type(const string &value, ColumnType flags)
     switch (flags) {
     case COLUMN_TYPE_INT: {
         // For integers we take the first number, or the average if it's a-b
-        long from, to;
-        int items = sscanf(value.c_str(), "%ld-%ld", &from, &to);
-        if (items == 1) {
+        int64_t from, to;
+        // limit number of digits parsed to avoid undefined behaviour in sscanf
+        int items = sscanf(value.c_str(), "%18ld-%18ld", &from, &to);

OK, anyone got any suggestions of what integer type we can use and what format string to pair it with? It needs to parse *more than 32 bits* so that we can constrain it with a digit specifier and still get the full 32 bit output.

So far we've tried 
* `int64_t` with `%18ld` (macosx didn't like this)
* `long long` with `%18Ld` (no L in C++11)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/osm2pgsql/pull/956#discussion_r330474505
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/tile-serving/attachments/20191002/03c2feeb/attachment.html>