From f26bb3ae2c424f18c476dc29c548a70b2b78cc00 Mon Sep 17 00:00:00 2001
From: moneytoyang
Date: Wed, 28 Aug 2019 17:39:58 +0800
Subject: [PATCH] fix Int value range is incorrect #826
---
 src/parser/parser.yy | 37 +++++++++++++++++++++++++++++----
 src/parser/scanner.lex | 16 +++++++++++---
 src/parser/test/ScannerTest.cpp | 11 +++++-----
 3 files changed, 52 insertions(+), 12 deletions(-)
diff --git a/src/parser/parser.yy b/src/parser/parser.yy
index 6d9d8efd9c0..e1891ed01d5 100644
--- a/src/parser/parser.yy
+++ b/src/parser/parser.yy
@@ -451,8 +451,18 @@ go_sentence
 step_clause
 : %empty { $$ = new StepClause(); }
- | INTEGER KW_STEPS { $$ = new StepClause($1); }
- | KW_UPTO INTEGER KW_STEPS { $$ = new StepClause($2, true); }
+ | INTEGER KW_STEPS {
+ if ((uint64_t)$1 == 9223372036854775808ULL) {
+ LOG(ERROR) << "Integer overflow";
+ }
+ $$ = new StepClause($1);
+ }
+ | KW_UPTO INTEGER KW_STEPS {
+ if ((uint64_t)$2 == 9223372036854775808ULL) {
+ LOG(ERROR) << "Integer overflow";
+ }
+ $$ = new StepClause($2, true);
+ }
 ;
 from_clause
@@ -486,12 +496,18 @@ vid
 unary_integer
 : PLUS INTEGER {
+ if ((uint64_t)$2 == 9223372036854775808ULL) {
+ LOG(ERROR) << "Integer overflow";
+ }
 $$ = $2;
 }
 | MINUS INTEGER {
 $$ = -$2;
 }
 | INTEGER {
+ if ((uint64_t)$1 == 9223372036854775808ULL) {
+ LOG(ERROR) << "Integer overflow";
+ }
 $$ = $1;
 }
 ;
@@ -1269,7 +1285,14 @@ host_item
 /* TODO(dutor) Support hostname and IPv6 */
 ;
-port : INTEGER { $$ = $1; }
+port
+ : INTEGER {
+ if ((uint64_t)$1 == 9223372036854775808ULL) {
+ LOG(ERROR) << "Integer overflow";
+ }
+ $$ = $1;
+ }
+ ;
 config_module_enum
 : KW_GRAPH { $$ = ConfigModule::GRAPH; }
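Review bot: The new guard in the `INTEGER KW_STEPS` and `KW_UPTO INTEGER KW_STEPS` actions only logs, so after `LOG(ERROR) << "Integer overflow";` the action still runs `$$ = new StepClause($1);` and a literal equal to 2^63 in query text is accepted. If the token value is a signed 64-bit integer, as the `(uint64_t)` cast suggests, StepClause then receives a negative step count. The branch should fail the statement rather than continue, for example by adding `YYERROR;` right after the log line or by going through whatever error path the parser already uses. The same log-and-continue pattern appears in the unary_integer, port and space_opt_item hunks of this file.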
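Review bot: The `MINUS INTEGER` branch is left as `$$ = -$2;`, yet it is the one place where the newly accepted 2^63 token is legitimate. Assuming the token value is a signed 64-bit integer (its declaration is outside this hunk), 2^63 arrives as the minimum value and negating it is signed overflow, which is undefined behaviour in C++. Handling the boundary explicitly avoids that: `$$ = ((uint64_t)$2 == 9223372036854775808ULL) ? $2 : -$2;`. A one-line comment there saying that this is the only rule allowed to see 2^63 would also explain why the other branches check for it.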
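Review bot: The rewritten `port` rule checks only for the single value 2^63, so any other INTEGER up to 2^63-1 still becomes a port. If no later stage validates the range (none is visible in this diff), the rule is the natural place to reject values outside 0..65535, e.g. `if ($1 < 0 || $1 > 65535) { YYERROR; }` before `$$ = $1;`. That bound also subsumes the overflow check for this rule.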
@@ -1339,11 +1362,17 @@ space_opt_list
 }
 ;
- space_opt_item
+space_opt_item
 : KW_PARTITION_NUM ASSIGN INTEGER {
+ if ((uint64_t)$3 == 9223372036854775808ULL) {
+ LOG(ERROR) << "Integer overflow";
+ }
 $$ = new SpaceOptItem(SpaceOptItem::PARTITION_NUM, $3);
 }
 | KW_REPLICA_FACTOR ASSIGN INTEGER {
+ if ((uint64_t)$3 == 9223372036854775808ULL) {
+ LOG(ERROR) << "Integer overflow";
+ }
 $$ = new SpaceOptItem(SpaceOptItem::REPLICA_FACTOR, $3);
 }
 // TODO(YT) Create Spaces for different engines
diff --git a/src/parser/scanner.lex b/src/parser/scanner.lex
index 372b669ae8f..d1fa0018fc1 100644
--- a/src/parser/scanner.lex
+++ b/src/parser/scanner.lex
@@ -285,8 +285,11 @@ IP_OCTET ([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])
 yyterminate();
 }
 }
- int64_t val = 0;
+ uint64_t val = 0;
 sscanf(yytext, "%lx", &val);
+ if (val > 0x8000000000000000) {
+ yyterminate();
+ }
 yylval->intval = val;
 return TokenType::INTEGER;
 }
@@ -302,15 +305,22 @@ IP_OCTET ([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])
 yyterminate();
 }
 }
- int64_t val = 0;
+ uint64_t val = 0;
 sscanf(yytext, "%lo", &val);
+ if (val > 01000000000000000000000) {
+ yyterminate();
+ }
 yylval->intval = val;
 return TokenType::INTEGER;
 }
 {DEC}+ {
 try {
 folly::StringPiece text(yytext, yyleng);
- yylval->intval = folly::to(text);
+ uint64_t val = folly::to(text);
+ if (val > 9223372036854775808ULL) {
+ yyterminate();
+ }
+ yylval->intval = val;
 } catch (...) {
 yyterminate();
 }
diff --git a/src/parser/test/ScannerTest.cpp b/src/parser/test/ScannerTest.cpp
index 1110e684a7f..d7c9fb80555 100644
--- a/src/parser/test/ScannerTest.cpp
+++ b/src/parser/test/ScannerTest.cpp
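Review bot: `sscanf(yytext, "%lx", &val)` now writes into a `uint64_t`, but `%lx` is the conversion for `unsigned long`, which is 64 bits wide only on LP64 targets. The call's return value is also never checked before `val` is compared and stored. Using the fixed-width macro and checking the result closes both gaps: `if (sscanf(yytext, "%" SCNx64, &val) != 1) { yyterminate(); }` (needs `<cinttypes>`). The octal rule in the next hunk has the same issue with `%lo`, where `SCNo64` applies. The rule's opening lines are outside the hunk, so an earlier length check may already limit what reaches sscanf.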
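Review bot: With this hunk the decimal rule accepts 9223372036854775808 and stores it into `yylval->intval`, as the hex and octal rules now do too, so the scanner no longer guarantees that an INTEGER token fits the signed range. Every grammar action that consumes INTEGER then has to remember to reject 2^63. Only the rules touched in parser.yy do so, and any other INTEGER uses are outside this diff. At minimum this contract deserves a comment at the three rules, e.g. `/* 2^63 is let through only so that MINUS INTEGER can form the minimum int64; every other user of INTEGER must reject it */`. A sturdier design would have the scanner return a distinct token for the boundary value, so that a forgotten check fails closed. The bound is also spelled three ways (`0x8000000000000000`, `01000000000000000000000`, `9223372036854775808ULL`), and one shared named constant would make the comparisons easier to audit.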
@@ -386,12 +386,13 @@ TEST(Scanner, Basic) {
 CHECK_SEMANTIC_VALUE(".123", TokenType::DOUBLE, 0.123),
 CHECK_SEMANTIC_VALUE("123.456", TokenType::DOUBLE, 123.456),
- CHECK_SEMANTIC_VALUE("0xFFFFFFFFFFFFFFFF", TokenType::INTEGER, 0xFFFFFFFFFFFFFFFFL),
- CHECK_SEMANTIC_VALUE("0x00FFFFFFFFFFFFFFFF", TokenType::INTEGER, 0x00FFFFFFFFFFFFFFFFL),
+ CHECK_SEMANTIC_VALUE("0x8000000000000000", TokenType::INTEGER, 0x8000000000000000),
+ CHECK_SEMANTIC_VALUE("0x008000000000000000", TokenType::INTEGER, 0x008000000000000000L),
+ CHECK_SEMANTIC_VALUE("9223372036854775807", TokenType::INTEGER, 9223372036854775807L),
- CHECK_SEMANTIC_VALUE("001777777777777777777777", TokenType::INTEGER,
- 001777777777777777777777),
- CHECK_LEXICAL_ERROR("9223372036854775808"),
+ CHECK_SEMANTIC_VALUE("001000000000000000000000", TokenType::INTEGER,
+ 001000000000000000000000),
+ CHECK_LEXICAL_ERROR("9223372036854775809"),
 CHECK_LEXICAL_ERROR("0xFFFFFFFFFFFFFFFFF"),
 CHECK_LEXICAL_ERROR("002777777777777777777777"),
 // TODO(dutor) It's too tedious to paste an overflowed double number here,
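Review bot: The rejection side of the new bound is tested only for decimal (`"9223372036854775809"`). The hex and octal error cases that remain, `"0xFFFFFFFFFFFFFFFFF"` and `"002777777777777777777777"`, are far above the bound, so the new `val > ...` comparisons in those two scanner rules are not exercised just past the limit. Adding `CHECK_LEXICAL_ERROR("0x8000000000000001"),` and the matching octal value one above `001000000000000000000000` would pin them. There is also no test here for 9223372036854775808 itself scanning as INTEGER in decimal, and nothing at parser level showing that a statement using 2^63 without a leading minus is refused. The TEST body continues outside the hunk.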