From 3c0477b401d3ae8e75718ecb1a89dda38edd98d6 Mon Sep 17 00:00:00 2001
From: anshikakalpana <anshikajain196872@gmail.com>
Date: Mon, 8 Jun 2026 16:34:28 +0530
Subject: [PATCH] sqlite: validate maxSize argument in createTagStore()

Signed-off-by: anshikakalpana <anshikajain196872@gmail.com>
---
 src/node_sqlite.cc                        | 16 ++++++++++++---
 test/parallel/test-sqlite-template-tag.js | 24 +++++++++++++++++++++++
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/src/node_sqlite.cc b/src/node_sqlite.cc
index d9f979c36b3ce5..ca618660aa2477 100644
--- a/src/node_sqlite.cc
+++ b/src/node_sqlite.cc
@@ -1044,10 +1044,20 @@ void DatabaseSync::CreateTagStore(const FunctionCallbackInfo<Value>& args) {
     return;
   }
   int capacity = 1000;
-  if (args.Length() > 0 && args[0]->IsNumber()) {
-    capacity = args[0].As<Number>()->Value();
+  if (args.Length() > 0 && !args[0]->IsUndefined()) {
+    if (!args[0]->IsInt32()) {
+      THROW_ERR_INVALID_ARG_TYPE(
+          env->isolate(), "The \"maxSize\" argument must be an integer.");
+      return;
+    }
+    capacity = args[0].As<Int32>()->Value();
+    if (capacity < 0) {
+      THROW_ERR_OUT_OF_RANGE(
+          env->isolate(),
+          "The \"maxSize\" argument must be a non-negative integer.");
+      return;
+    }
   }
-
   BaseObjectPtr<SQLTagStore> session =
       SQLTagStore::Create(env, BaseObjectWeakPtr<DatabaseSync>(db), capacity);
   if (!session) {
diff --git a/test/parallel/test-sqlite-template-tag.js b/test/parallel/test-sqlite-template-tag.js
index 0c6328e33af2f6..60176abfee5b41 100644
--- a/test/parallel/test-sqlite-template-tag.js
+++ b/test/parallel/test-sqlite-template-tag.js
@@ -112,6 +112,30 @@ test('TagStore capacity, size, and clear', () => {
   assert.strictEqual(sql.capacity, 10);
 });
 
+test('createTagStore throws on invalid maxSize', () => {
+  const db = new DatabaseSync(':memory:');
+
+  assert.throws(() => db.createTagStore(-1), {
+    code: 'ERR_OUT_OF_RANGE',
+    message: /maxSize/,
+  });
+
+  assert.throws(() => db.createTagStore(NaN), {
+    code: 'ERR_INVALID_ARG_TYPE',
+    message: /maxSize/,
+  });
+
+  assert.throws(() => db.createTagStore(1.5), {
+    code: 'ERR_INVALID_ARG_TYPE',
+    message: /maxSize/,
+  });
+
+  assert.throws(() => db.createTagStore('abc'), {
+    code: 'ERR_INVALID_ARG_TYPE',
+    message: /maxSize/,
+  });
+});
+
 test('sql.db returns the associated DatabaseSync instance', () => {
   assert.strictEqual(sql.db, db);
 });