Skip to content

sqlite: validate maxSize argument in createTagStore()#63792

Open
Anshikakalpana wants to merge 1 commit into
nodejs:mainfrom
Anshikakalpana:fix/sqlite-createTagStore-maxSize-validation
Open

sqlite: validate maxSize argument in createTagStore()#63792
Anshikakalpana wants to merge 1 commit into
nodejs:mainfrom
Anshikakalpana:fix/sqlite-createTagStore-maxSize-validation

Conversation

@Anshikakalpana

@Anshikakalpana Anshikakalpana commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Fixes: #63791

database.createTagStore() accepted invalid values for its maxSize argument without throwing. Negative integers caused integer overflow, NaN and floats produced garbage capacity values, and strings were silently ignored.

The maxSize parameter is documented as {integer} and represents a cache size, so negative values are meaningless.

This PR adds validation to reject:

  • Non-integer values (NaN, floats, strings) with ERR_INVALID_ARG_TYPE
  • Negative integers with ERR_OUT_OF_RANGE

@nodejs-github-bot

nodejs-github-bot commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

Review requested:

  • @nodejs/sqlite

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. sqlite Issues and PRs related to the SQLite subsystem. labels Jun 8, 2026
@Anshikakalpana Anshikakalpana force-pushed the fix/sqlite-createTagStore-maxSize-validation branch from 68d5139 to 3c0477b Compare June 8, 2026 11:23
aduh95
aduh95 reviewed Jun 8, 2026
View reviewed changes
Comment thread src/node_sqlite.cc Outdated
if (capacity < 0) {
THROW_ERR_OUT_OF_RANGE(
env->isolate(),
"The \"maxSize\" argument must be a non-negative integer.");

@aduh95 aduh95 Jun 8, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we accept 0, technically that's a negative number

Suggested change
"The \"maxSize\" argument must be a non-negative integer.");
"The \"maxSize\" argument must be a positive integer.");

@Anshikakalpana Anshikakalpana Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed — now using val <= 0 check, so 0 is also rejected with ERR_OUT_OF_RANGE.

aduh95
aduh95 reviewed Jun 8, 2026
View reviewed changes
Comment thread src/node_sqlite.cc Outdated
if (args.Length() > 0 && !args[0]->IsUndefined()) {
if (!args[0]->IsInt32()) {
THROW_ERR_INVALID_ARG_TYPE(
env->isolate(), "The \"maxSize\" argument must be an integer.");

@aduh95 aduh95 Jun 8, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the user runs database.createTagStore(Number.MAX_SAFE_INTEGER), that error message is going to be confusing

@Anshikakalpana Anshikakalpana Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed — replaced IsInt32() with IsNumber() + double range check. Now Number.MAX_SAFE_INTEGER correctly throws ERR_OUT_OF_RANGE.

aduh95
aduh95 reviewed Jun 8, 2026
View reviewed changes
Comment thread test/parallel/test-sqlite-template-tag.js Outdated
Comment on lines +124 to +129
code: 'ERR_INVALID_ARG_TYPE',
message: /maxSize/,
});

assert.throws(() => db.createTagStore(1.5), {
code: 'ERR_INVALID_ARG_TYPE',

@aduh95 aduh95 Jun 8, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should likely be ERR_OUT_OF_RANGE, like e.g. node -e 'child_process.spawn("/dev/null", { uid: 1.3 })' does

@Anshikakalpana Anshikakalpana Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed — floats now throw ERR_OUT_OF_RANGE instead of ERR_INVALID_ARG_TYPE.

@Anshikakalpana
sqlite: validate maxSize argument in createTagStore()
406e215 
Signed-off-by: anshikakalpana <anshikajain196872@gmail.com>
@Anshikakalpana Anshikakalpana force-pushed the fix/sqlite-createTagStore-maxSize-validation branch from 3c0477b to 406e215 Compare June 9, 2026 07:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aduh95 aduh95 aduh95 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. sqlite Issues and PRs related to the SQLite subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

sqlite: createTagStore() accepts invalid maxSize values (negative , NaN , float)

3 participants

@Anshikakalpana @nodejs-github-bot @aduh95