lib/flagutil: prevent from integer overflow when parsing duration

This commit is contained in:
Aliaksandr Valialkin 2021-02-15 12:57:56 +02:00
parent 38d7e96602
commit 2e30202dc7
5 changed files with 15 additions and 8 deletions

2
go.mod
View file

@ -9,7 +9,7 @@ require (
// like https://github.com/valyala/fasthttp/commit/996610f021ff45fdc98c2ce7884d5fa4e7f9199b // like https://github.com/valyala/fasthttp/commit/996610f021ff45fdc98c2ce7884d5fa4e7f9199b
github.com/VictoriaMetrics/fasthttp v1.0.12 github.com/VictoriaMetrics/fasthttp v1.0.12
github.com/VictoriaMetrics/metrics v1.13.1 github.com/VictoriaMetrics/metrics v1.13.1
github.com/VictoriaMetrics/metricsql v0.10.0 github.com/VictoriaMetrics/metricsql v0.10.1
github.com/aws/aws-sdk-go v1.37.7 github.com/aws/aws-sdk-go v1.37.7
github.com/cespare/xxhash/v2 v2.1.1 github.com/cespare/xxhash/v2 v2.1.1
github.com/cheggaaa/pb/v3 v3.0.5 github.com/cheggaaa/pb/v3 v3.0.5

4
go.sum
View file

@ -87,8 +87,8 @@ github.com/VictoriaMetrics/fasthttp v1.0.12/go.mod h1:3SeUL4zwB/p/a9aEeRc6gdlbrt
github.com/VictoriaMetrics/metrics v1.12.2/go.mod h1:Z1tSfPfngDn12bTfZSCqArT3OPY3u88J12hSoOhuiRE= github.com/VictoriaMetrics/metrics v1.12.2/go.mod h1:Z1tSfPfngDn12bTfZSCqArT3OPY3u88J12hSoOhuiRE=
github.com/VictoriaMetrics/metrics v1.13.1 h1:1S9QrbXLPrcDBYLiDNIqWk9AC/lk5Ptk8eIjDIFFDsQ= github.com/VictoriaMetrics/metrics v1.13.1 h1:1S9QrbXLPrcDBYLiDNIqWk9AC/lk5Ptk8eIjDIFFDsQ=
github.com/VictoriaMetrics/metrics v1.13.1/go.mod h1:Z1tSfPfngDn12bTfZSCqArT3OPY3u88J12hSoOhuiRE= github.com/VictoriaMetrics/metrics v1.13.1/go.mod h1:Z1tSfPfngDn12bTfZSCqArT3OPY3u88J12hSoOhuiRE=
github.com/VictoriaMetrics/metricsql v0.10.0 h1:45BARAP2shaL/5p67Hvz+YrWUbr0X0VCy9t+gvdIm8o= github.com/VictoriaMetrics/metricsql v0.10.1 h1:wLl/YbMmBGFPyLKMfqNLC333iygibosSM5iSvlH2B4A=
github.com/VictoriaMetrics/metricsql v0.10.0/go.mod h1:ylO7YITho/Iw6P71oEaGyHbO94bGoGtzWfLGqFhMIg8= github.com/VictoriaMetrics/metricsql v0.10.1/go.mod h1:ylO7YITho/Iw6P71oEaGyHbO94bGoGtzWfLGqFhMIg8=
github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM= github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=

View file

@ -23,6 +23,9 @@ func TestDurationSetFailure(t *testing.T) {
// Too big value in months // Too big value in months
f("12345") f("12345")
// Too big duration
f("100000000000y")
// Negative duration // Negative duration
f("-1") f("-1")
f("-34h") f("-34h")

View file

@ -2,6 +2,7 @@ package metricsql
import ( import (
"fmt" "fmt"
"math"
"strconv" "strconv"
"strings" "strings"
"unicode" "unicode"
@ -444,7 +445,7 @@ func DurationValue(s string, step int64) (int64, error) {
if len(s) == 0 { if len(s) == 0 {
return 0, fmt.Errorf("duration cannot be empty") return 0, fmt.Errorf("duration cannot be empty")
} }
var d int64 var d float64
isMinus := false isMinus := false
for len(s) > 0 { for len(s) > 0 {
n := scanSingleDuration(s, true) n := scanSingleDuration(s, true)
@ -465,10 +466,13 @@ func DurationValue(s string, step int64) (int64, error) {
isMinus = true isMinus = true
} }
} }
return d, nil if math.Abs(d) > 1<<63-1 {
return 0, fmt.Errorf("too big duration %.0fms", d)
}
return int64(d), nil
} }
func parseSingleDuration(s string, step int64) (int64, error) { func parseSingleDuration(s string, step int64) (float64, error) {
numPart := s[:len(s)-1] numPart := s[:len(s)-1]
if strings.HasSuffix(numPart, "m") { if strings.HasSuffix(numPart, "m") {
// Duration in ms // Duration in ms
@ -499,7 +503,7 @@ func parseSingleDuration(s string, step int64) (int64, error) {
default: default:
return 0, fmt.Errorf("invalid duration suffix in %q", s) return 0, fmt.Errorf("invalid duration suffix in %q", s)
} }
return int64(mp * f * 1e3), nil return mp * f * 1e3, nil
} }
// scanDuration scans duration, which must start with positive num. // scanDuration scans duration, which must start with positive num.

2
vendor/modules.txt vendored
View file

@ -16,7 +16,7 @@ github.com/VictoriaMetrics/fasthttp/fasthttputil
github.com/VictoriaMetrics/fasthttp/stackless github.com/VictoriaMetrics/fasthttp/stackless
# github.com/VictoriaMetrics/metrics v1.13.1 # github.com/VictoriaMetrics/metrics v1.13.1
github.com/VictoriaMetrics/metrics github.com/VictoriaMetrics/metrics
# github.com/VictoriaMetrics/metricsql v0.10.0 # github.com/VictoriaMetrics/metricsql v0.10.1
github.com/VictoriaMetrics/metricsql github.com/VictoriaMetrics/metricsql
github.com/VictoriaMetrics/metricsql/binaryop github.com/VictoriaMetrics/metricsql/binaryop
# github.com/VividCortex/ewma v1.1.1 # github.com/VividCortex/ewma v1.1.1