fix postgres, utils: fail on possible overflows during float to double conversions

Adds an explicit `numeric_cast` to `FloatingPointBinaryParser` that throws an exception on overflow when casting `double` to `float`. This change can potentially break client code that relies on implicit overflows.

Adds `numeric_cast` implementations for casts between `float` and `double`.
commit_hash:ed3ba3e886cfcaaf0e8bee7e8b302fde3fb4a91d

Author: lexeyo

.mapping.json

@@ -3534,6 +3534,7 @@
   "postgresql/src/storages/postgres/tests/dsn_test.cpp":"taxi/uservices/userver/postgresql/src/storages/postgres/tests/dsn_test.cpp",
   "postgresql/src/storages/postgres/tests/enums_pgtest.cpp":"taxi/uservices/userver/postgresql/src/storages/postgres/tests/enums_pgtest.cpp",
   "postgresql/src/storages/postgres/tests/error_test.cpp":"taxi/uservices/userver/postgresql/src/storages/postgres/tests/error_test.cpp",
+  "postgresql/src/storages/postgres/tests/floating_point_test.cpp":"taxi/uservices/userver/postgresql/src/storages/postgres/tests/floating_point_test.cpp",
   "postgresql/src/storages/postgres/tests/geometry_pgtest.cpp":"taxi/uservices/userver/postgresql/src/storages/postgres/tests/geometry_pgtest.cpp",
   "postgresql/src/storages/postgres/tests/integral_test.cpp":"taxi/uservices/userver/postgresql/src/storages/postgres/tests/integral_test.cpp",
   "postgresql/src/storages/postgres/tests/interval_pgtest.cpp":"taxi/uservices/userver/postgresql/src/storages/postgres/tests/interval_pgtest.cpp",

postgresql/include/userver/storages/postgres/io/floating_point_types.hpp

@@ -49,14 +49,15 @@ template <typename T>
 struct FloatingPointBinaryParser : BufferParserBase<T> {
     using BaseType = BufferParserBase<T>;
     using BaseType::BaseType;
+    using ValueType = typename BaseType::ValueType;
 
     void operator()(const FieldBuffer& buf) {
         switch (buf.length) {
             case 4:
-                this->value = FloatingPointBySizeParser<4>::ParseBuffer(buf);
+                this->value = NumericCast<ValueType>(FloatingPointBySizeParser<4>::ParseBuffer(buf));
                 break;
             case 8:
-                this->value = FloatingPointBySizeParser<8>::ParseBuffer(buf);
+                this->value = NumericCast<ValueType>(FloatingPointBySizeParser<8>::ParseBuffer(buf));
                 break;
             default:
                 throw InvalidInputBufferSize{

postgresql/src/storages/postgres/tests/floating_point_test.cpp

@@ -0,0 +1,84 @@
+#include <gtest/gtest.h>
+
+#include <limits>
+
+#include <storages/postgres/detail/connection.hpp>
+#include <storages/postgres/tests/test_buffers.hpp>
+#include <storages/postgres/tests/util_pgtest.hpp>
+
+USERVER_NAMESPACE_BEGIN
+
+namespace pg = storages::postgres;
+namespace io = pg::io;
+
+namespace {
+
+namespace tt = io::traits;
+
+const pg::UserTypes types;
+
+template <typename Float>
+class PostgreIOFloating : public ::testing::Test {};
+
+using FloatTypes = ::testing::Types<float, double>;
+
+}  // namespace
+
+TEST(PostgreIOFloating, ParserRegistry) {
+    EXPECT_TRUE(io::HasParser(io::PredefinedOids::kFloat4));
+    EXPECT_TRUE(io::HasParser(io::PredefinedOids::kFloat8));
+}
+
+TYPED_TEST_SUITE(PostgreIOFloating, FloatTypes);
+
+TYPED_TEST(PostgreIOFloating, Float) {
+    static_assert(tt::kIsMappedToPg<TypeParam>, "missing mapping");
+    static_assert(tt::kHasFormatter<TypeParam>, "missing binary formatter");
+    static_assert(tt::kHasParser<TypeParam>, "missing binary parser");
+    using Limits = std::numeric_limits<TypeParam>;
+
+    for (const TypeParam src :
+         {Limits::lowest(),
+          TypeParam(-42.0),
+          TypeParam(-1.1),
+          TypeParam(0.),
+          TypeParam(1.5),
+          TypeParam(36.6),
+          Limits::max()})
+    {
+        pg::test::Buffer buffer;
+        UEXPECT_NO_THROW(io::WriteBuffer(types, buffer, src));
+        auto fb = pg::test::MakeFieldBuffer(buffer, io::BufferCategory::kPlainBuffer);
+        TypeParam tgt{0};
+        UEXPECT_NO_THROW(io::ReadBuffer(fb, tgt));
+        EXPECT_EQ(src, tgt);
+    }
+}
+
+TEST(PostgreIOFloating, NarrowingSuccess) {
+    using Limits = std::numeric_limits<float>;
+
+    for (const float src : {Limits::lowest(), -42.0f, -1.1f, 0.f, 1.5f, 36.6f, Limits::max()}) {
+        pg::test::Buffer buffer;
+        const double output = src;
+        UEXPECT_NO_THROW(io::WriteBuffer(types, buffer, output));
+        auto fb = pg::test::MakeFieldBuffer(buffer, io::BufferCategory::kPlainBuffer);
+        float tgt{0};
+        UEXPECT_NO_THROW(io::ReadBuffer(fb, tgt));
+        EXPECT_EQ(src, tgt);
+    }
+}
+
+TEST(PostgreIOFloating, NarrowingFail) {
+    using Limits = std::numeric_limits<float>;
+
+    for (const double src : {2.0 * Limits::lowest(), 2.0 * Limits::max()}) {
+        pg::test::Buffer buffer;
+        UEXPECT_NO_THROW(io::WriteBuffer(types, buffer, src));
+        auto fb = pg::test::MakeFieldBuffer(buffer, io::BufferCategory::kPlainBuffer);
+        float tgt{0};
+        UEXPECT_THROW(io::ReadBuffer(fb, tgt), storages::postgres::NarrowingOverflow);
+    }
+}
+
+USERVER_NAMESPACE_END

universal/include/userver/utils/numeric_cast.hpp

@@ -29,22 +29,32 @@ using PrintableValue = std::conditional_t<(sizeof(T) > 1), T, int>;
 /// @snippet utils/numeric_cast_test.cpp  Sample utils::numeric_cast usage
 template <typename To, typename Exception = std::runtime_error, typename From>
 constexpr To numeric_cast(From input) {  // NOLINT(readability-identifier-naming)
-    static_assert(std::is_integral_v<From>);
-    static_assert(std::is_integral_v<To>);
+    constexpr bool is_integral = std::is_integral_v<From> && std::is_integral_v<To>;
+    constexpr bool is_floating_point = std::is_floating_point_v<From> && std::is_floating_point_v<To>;
+    static_assert(is_integral || is_floating_point);
+
     using FromLimits = std::numeric_limits<From>;
     using ToLimits = std::numeric_limits<To>;
 
+    constexpr bool check_positive_overflow =
+        is_integral ? ToLimits::digits < FromLimits::digits : ToLimits::max() < FromLimits::max();
+    constexpr bool check_negative_overflow =
+        is_integral
+            ?
+            // signed -> signed: possible loss if narrowing
+            // signed -> unsigned: loss if negative
+            FromLimits::is_signed && (!ToLimits::is_signed || ToLimits::digits < FromLimits::digits)
+            : ToLimits::lowest() > FromLimits::lowest();
+
     std::string_view overflow_type{};
 
-    if constexpr (ToLimits::digits < FromLimits::digits) {
+    if constexpr (check_positive_overflow) {
         if (input > static_cast<From>(ToLimits::max())) {
             overflow_type = "positive";
         }
     }
 
-    // signed -> signed: loss if narrowing
-    // signed -> unsigned: loss
-    if constexpr (FromLimits::is_signed && (!ToLimits::is_signed || ToLimits::digits < FromLimits::digits)) {
+    if constexpr (check_negative_overflow) {
         if (input < static_cast<From>(ToLimits::lowest())) {
             overflow_type = "negative";
         }

universal/src/utils/numeric_cast_test.cpp

@@ -1,3 +1,5 @@
+#include <limits>
+
 #include <gmock/gmock.h>
 #include <userver/utest/assert_macros.hpp>
 
@@ -7,11 +9,28 @@ USERVER_NAMESPACE_BEGIN
 
 namespace {
 
-TEST(NumericCast, CompileTime) { static_assert(utils::numeric_cast<unsigned int>(1) == 1u); }
+TEST(NumericCast, CompileTime) {
+    static_assert(utils::numeric_cast<unsigned int>(1) == 1u);
+    static_assert(utils::numeric_cast<float>(1.0) == 1.0f);
+    static_assert(utils::numeric_cast<double>(1.0f) == 1.0);
+    static_assert(utils::numeric_cast<long double>(1.0) == 1.0L);
+}
 
 TEST(NumericCast, Smoke) {
     EXPECT_EQ(utils::numeric_cast<unsigned int>(1), 1u);
     EXPECT_EQ(utils::numeric_cast<std::size_t>(1), static_cast<std::size_t>(1));
+
+    EXPECT_EQ(utils::numeric_cast<float>(1.0f), 1.0f);
+    EXPECT_EQ(utils::numeric_cast<float>(1.0), 1.0f);
+    EXPECT_EQ(utils::numeric_cast<float>(1.0L), 1.0f);
+
+    EXPECT_EQ(utils::numeric_cast<double>(1.0f), 1.0);
+    EXPECT_EQ(utils::numeric_cast<double>(1.0), 1.0);
+    EXPECT_EQ(utils::numeric_cast<double>(1.0L), 1.0);
+
+    EXPECT_EQ(utils::numeric_cast<long double>(1.0f), 1.0L);
+    EXPECT_EQ(utils::numeric_cast<long double>(1.0), 1.0L);
+    EXPECT_EQ(utils::numeric_cast<long double>(1.0L), 1.0L);
 }
 
 TEST(NumericCast, SignedToUnsignedOverflow) {
@@ -32,6 +51,29 @@ TEST(NumericCast, UnsignedToSignedOverflow) {
     EXPECT_THROW(utils::numeric_cast<std::int16_t>(0x8000), std::runtime_error);
 }
 
+TEST(NumericCast, FloatingPointOverflow) {
+    /// [Sample utils::numeric_cast usage]
+    using FloatLimits = std::numeric_limits<float>;
+
+    EXPECT_EQ(utils::numeric_cast<float>(double(FloatLimits::max())), FloatLimits::max());
+    EXPECT_THROW(utils::numeric_cast<float>(2.0 * FloatLimits::max()), std::runtime_error);
+    EXPECT_EQ(utils::numeric_cast<float>(static_cast<long double>(FloatLimits::max())), FloatLimits::max());
+    EXPECT_THROW(utils::numeric_cast<float>(2.0L * FloatLimits::max()), std::runtime_error);
+
+    EXPECT_EQ(utils::numeric_cast<float>(double(FloatLimits::lowest())), FloatLimits::lowest());
+    EXPECT_THROW(utils::numeric_cast<float>(2.0 * FloatLimits::lowest()), std::runtime_error);
+    EXPECT_EQ(utils::numeric_cast<float>(static_cast<long double>(FloatLimits::lowest())), FloatLimits::lowest());
+    EXPECT_THROW(utils::numeric_cast<float>(2.0L * FloatLimits::lowest()), std::runtime_error);
+
+    using DoubleLimits = std::numeric_limits<double>;
+
+    EXPECT_EQ(utils::numeric_cast<double>(static_cast<long double>(DoubleLimits::max())), DoubleLimits::max());
+    EXPECT_THROW(utils::numeric_cast<double>(2.0L * DoubleLimits::max()), std::runtime_error);
+    EXPECT_EQ(utils::numeric_cast<double>(static_cast<long double>(DoubleLimits::lowest())), DoubleLimits::lowest());
+    EXPECT_THROW(utils::numeric_cast<double>(2.0L * DoubleLimits::lowest()), std::runtime_error);
+    /// [Sample utils::numeric_cast usage]
+}
+
 }  // namespace
 
 USERVER_NAMESPACE_END