fix postgres: fail on possible overflows during narrowing type conversions

Adds an explicit `numeric_cast` to `IntegralBinaryParser` that throws an exception on overflow when casting to the user-specified C++ type. This change can potentially break client code that relies on implicit overflows.
commit_hash:ff55e525ae322e07d592468b78c2c01de1600fcb

Author: lexeyo

postgresql/include/userver/storages/postgres/io/integral_types.hpp

@@ -12,6 +12,7 @@
 #include <userver/storages/postgres/io/buffer_io_base.hpp>
 #include <userver/storages/postgres/io/traits.hpp>
 #include <userver/storages/postgres/io/type_mapping.hpp>
+#include <userver/utils/numeric_cast.hpp>
 
 USERVER_NAMESPACE_BEGIN
 
@@ -53,17 +54,21 @@ template <typename T>
 struct IntegralBinaryParser : BufferParserBase<T> {
     using BaseType = BufferParserBase<T>;
     using BaseType::BaseType;
+    using ValueType = typename BaseType::ValueType;
 
     void operator()(const FieldBuffer& buf) {
         switch (buf.length) {
             case 2:
-                this->value = IntegralBySizeParser<2>::ParseBuffer(buf);
+                this->value = USERVER_NAMESPACE::utils::numeric_cast<ValueType>(IntegralBySizeParser<2>::ParseBuffer(buf
+                ));
                 break;
             case 4:
-                this->value = IntegralBySizeParser<4>::ParseBuffer(buf);
+                this->value = USERVER_NAMESPACE::utils::numeric_cast<ValueType>(IntegralBySizeParser<4>::ParseBuffer(buf
+                ));
                 break;
             case 8:
-                this->value = IntegralBySizeParser<8>::ParseBuffer(buf);
+                this->value = USERVER_NAMESPACE::utils::numeric_cast<ValueType>(IntegralBySizeParser<8>::ParseBuffer(buf
+                ));
                 break;
             default:
                 throw InvalidInputBufferSize{fmt::format(

postgresql/src/storages/postgres/tests/integral_test.cpp

@@ -1,5 +1,8 @@
 #include <gtest/gtest.h>
 
+#include <limits>
+#include <stdexcept>
+
 #include <storages/postgres/detail/connection.hpp>
 #include <storages/postgres/tests/test_buffers.hpp>
 #include <storages/postgres/tests/util_pgtest.hpp>
@@ -20,6 +23,23 @@ class PostgreIOIntegral : public ::testing::Test {};
 
 using IntTypes = ::testing::Types<pg::Smallint, pg::Integer, pg::Bigint, short, int, long, long long>;
 
+template <typename TPgType, typename TValueType>
+struct NarrowingTypes {
+    using PgType = TPgType;
+    using ValueType = TValueType;
+};
+
+template <typename NarrowingTypes>
+class PostgreIOIntegralNarrowing : public ::testing::Test {
+    using PgType = typename NarrowingTypes::PgType;
+    using ValueType = typename NarrowingTypes::ValueType;
+};
+
+using NarrowingTestTypes = ::testing::Types<
+    NarrowingTypes<pg::Integer, pg::Smallint>,
+    NarrowingTypes<pg::Bigint, pg::Smallint>,
+    NarrowingTypes<pg::Bigint, pg::Integer> >;
+
 }  // namespace
 
 TEST(PostgreIOIntegral, ParserRegistry) {
@@ -48,14 +68,51 @@ TYPED_TEST(PostgreIOIntegral, Int) {
     static_assert(tt::kIsMappedToPg<TypeParam>, "missing mapping");
     static_assert(tt::kHasFormatter<TypeParam>, "missing binary formatter");
     static_assert(tt::kHasParser<TypeParam>, "missing binary parser");
+    using Limits = std::numeric_limits<TypeParam>;
 
-    pg::test::Buffer buffer;
-    const TypeParam src{42};
-    UEXPECT_NO_THROW(io::WriteBuffer(types, buffer, src));
-    auto fb = pg::test::MakeFieldBuffer(buffer, io::BufferCategory::kPlainBuffer);
-    TypeParam tgt{0};
-    UEXPECT_NO_THROW(io::ReadBuffer(fb, tgt));
-    EXPECT_EQ(src, tgt);
+    for (const TypeParam src :
+         {Limits::lowest(), TypeParam(-42), TypeParam(-1), TypeParam(0), TypeParam(1), TypeParam(42), Limits::max()})
+    {
+        pg::test::Buffer buffer;
+        UEXPECT_NO_THROW(io::WriteBuffer(types, buffer, src));
+        auto fb = pg::test::MakeFieldBuffer(buffer, io::BufferCategory::kPlainBuffer);
+        TypeParam tgt{0};
+        UEXPECT_NO_THROW(io::ReadBuffer(fb, tgt));
+        EXPECT_EQ(src, tgt);
+    }
+}
+
+TYPED_TEST_SUITE(PostgreIOIntegralNarrowing, NarrowingTestTypes);
+
+TYPED_TEST(PostgreIOIntegralNarrowing, Success) {
+    using ValueType = typename TypeParam::ValueType;
+    using Limits = std::numeric_limits<ValueType>;
+
+    for (const ValueType src :
+         {Limits::lowest(), ValueType(-42), ValueType(-1), ValueType(0), ValueType(1), ValueType(42), Limits::max()})
+    {
+        pg::test::Buffer buffer;
+        const typename TypeParam::PgType output = src;
+        UEXPECT_NO_THROW(io::WriteBuffer(types, buffer, output));
+        auto fb = pg::test::MakeFieldBuffer(buffer, io::BufferCategory::kPlainBuffer);
+        ValueType tgt{0};
+        UEXPECT_NO_THROW(io::ReadBuffer(fb, tgt));
+        EXPECT_EQ(src, tgt);
+    }
+}
+
+TYPED_TEST(PostgreIOIntegralNarrowing, Fail) {
+    using ValueType = typename TypeParam::ValueType;
+    using PgType = typename TypeParam::PgType;
+    using Limits = std::numeric_limits<ValueType>;
+
+    for (const PgType src : {static_cast<PgType>(Limits::lowest()) - 1, static_cast<PgType>(Limits::max()) + 1}) {
+        pg::test::Buffer buffer;
+        UEXPECT_NO_THROW(io::WriteBuffer(types, buffer, src));
+        auto fb = pg::test::MakeFieldBuffer(buffer, io::BufferCategory::kPlainBuffer);
+        ValueType tgt{0};
+        UEXPECT_THROW(io::ReadBuffer(fb, tgt), std::runtime_error);
+    }
 }
 
 USERVER_NAMESPACE_END