diff --git a/src/backend/utils/adt/date.c b/src/backend/utils/adt/date.c index e2236d2595..0fc187e0d6 100644 --- a/src/backend/utils/adt/date.c +++ b/src/backend/utils/adt/date.c @@ -1956,9 +1956,8 @@ timetz_recv(PG_FUNCTION_ARGS) result->zone = pq_getmsgint(buf, sizeof(result->zone)); - /* we allow GMT displacements up to 14:59:59, cf DecodeTimezone() */ - if (result->zone <= -15 * SECS_PER_HOUR || - result->zone >= 15 * SECS_PER_HOUR) + /* Check for sane GMT displacement; see notes in datatype/timestamp.h */ + if (result->zone <= -TZDISP_LIMIT || result->zone >= TZDISP_LIMIT) ereport(ERROR, (errcode(ERRCODE_INVALID_TIME_ZONE_DISPLACEMENT_VALUE), errmsg("time zone displacement out of range"))); diff --git a/src/backend/utils/adt/datetime.c b/src/backend/utils/adt/datetime.c index 31ae045da9..d5d34da552 100644 --- a/src/backend/utils/adt/datetime.c +++ b/src/backend/utils/adt/datetime.c @@ -2698,9 +2698,6 @@ DecodeNumberField(int len, char *str, int fmask, * Return 0 if okay (and set *tzp), a DTERR code if not okay. * * NB: this must *not* ereport on failure; see commands/variable.c. - * - * Note: we allow timezone offsets up to 13:59. There are places that - * use +1300 summer time. */ static int DecodeTimezone(char *str, int *tzp) @@ -2745,7 +2742,8 @@ DecodeTimezone(char *str, int *tzp) else min = 0; - if (hr < 0 || hr > 14) + /* Range-check the values; see notes in datatype/timestamp.h */ + if (hr < 0 || hr > MAX_TZDISP_HOUR) return DTERR_TZDISP_OVERFLOW; if (min < 0 || min >= MINS_PER_HOUR) return DTERR_TZDISP_OVERFLOW; diff --git a/src/include/datatype/timestamp.h b/src/include/datatype/timestamp.h index 7d546fbe68..0583d45fad 100644 --- a/src/include/datatype/timestamp.h +++ b/src/include/datatype/timestamp.h @@ -105,6 +105,16 @@ typedef struct #define USECS_PER_MINUTE INT64CONST(60000000) #define USECS_PER_SEC INT64CONST(1000000) +/* + * We allow numeric timezone offsets up to 15:59:59 either way from Greenwich. + * Currently, the record holders for wackiest offsets in actual use are zones + * Asia/Manila, at -15:56:00 until 1844, and America/Metlakatla, at +15:13:42 + * until 1867. If we were to reject such values we would fail to dump and + * restore old timestamptz values with these zone settings. + */ +#define MAX_TZDISP_HOUR 15 /* maximum allowed hour part */ +#define TZDISP_LIMIT ((MAX_TZDISP_HOUR + 1) * SECS_PER_HOUR) + /* * DT_NOBEGIN represents timestamp -infinity; DT_NOEND represents +infinity */