Skip to content

sqlite: validate maxSize argument in createTagStore()#63792

Open
Anshikakalpana wants to merge 1 commit into
nodejs:mainfrom
Anshikakalpana:fix/sqlite-createTagStore-maxSize-validation
Open

sqlite: validate maxSize argument in createTagStore()#63792
Anshikakalpana wants to merge 1 commit into
nodejs:mainfrom
Anshikakalpana:fix/sqlite-createTagStore-maxSize-validation

Conversation

@Anshikakalpana
Copy link
Copy Markdown
Contributor

@Anshikakalpana Anshikakalpana commented Jun 8, 2026

Fixes: #63791

database.createTagStore() accepted invalid values for its maxSize argument without throwing. Negative integers caused integer overflow, NaN and floats produced garbage capacity values, and strings were silently ignored.

The maxSize parameter is documented as {integer} and represents a cache size, so negative values are meaningless.

This PR adds validation to reject:

  • Non-integer values (NaN, floats, strings) with ERR_INVALID_ARG_TYPE
  • Negative integers with ERR_OUT_OF_RANGE

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented Jun 8, 2026

Review requested:

  • @nodejs/sqlite

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. sqlite Issues and PRs related to the SQLite subsystem. labels Jun 8, 2026
@Anshikakalpana
sqlite: validate maxSize argument in createTagStore()
3c0477b 
Signed-off-by: anshikakalpana <anshikajain196872@gmail.com>
@Anshikakalpana Anshikakalpana force-pushed the fix/sqlite-createTagStore-maxSize-validation branch from 68d5139 to 3c0477b Compare June 8, 2026 11:23
aduh95
aduh95 reviewed Jun 8, 2026
View reviewed changes
Comment thread src/node_sqlite.cc
if (capacity < 0) {
THROW_ERR_OUT_OF_RANGE(
env->isolate(),
"The \"maxSize\" argument must be a non-negative integer.");
Copy link
Copy Markdown
Contributor

@aduh95 aduh95 Jun 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we accept 0, technically that's a negative number

Suggested change
"The \"maxSize\" argument must be a non-negative integer.");
"The \"maxSize\" argument must be a positive integer.");

aduh95
aduh95 reviewed Jun 8, 2026
View reviewed changes
Comment thread src/node_sqlite.cc
if (args.Length() > 0 && !args[0]->IsUndefined()) {
if (!args[0]->IsInt32()) {
THROW_ERR_INVALID_ARG_TYPE(
env->isolate(), "The \"maxSize\" argument must be an integer.");
Copy link
Copy Markdown
Contributor

@aduh95 aduh95 Jun 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the user runs database.createTagStore(Number.MAX_SAFE_INTEGER), that error message is going to be confusing

aduh95
aduh95 reviewed Jun 8, 2026
View reviewed changes
Comment thread test/parallel/test-sqlite-template-tag.js
Comment on lines +124 to +129
code: 'ERR_INVALID_ARG_TYPE',
message: /maxSize/,
});

assert.throws(() => db.createTagStore(1.5), {
code: 'ERR_INVALID_ARG_TYPE',
Copy link
Copy Markdown
Contributor

@aduh95 aduh95 Jun 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should likely be ERR_OUT_OF_RANGE, like e.g. node -e 'child_process.spawn("/dev/null", { uid: 1.3 })' does

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aduh95 aduh95 aduh95 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. sqlite Issues and PRs related to the SQLite subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

sqlite: createTagStore() accepts invalid maxSize values (negative , NaN , float)

3 participants

@Anshikakalpana @nodejs-github-bot @aduh95