Crash with querystring ?wb48617274=803E5708 #2312

Closed
leplatrem opened this issue Oct 25, 2019 · 4 comments · Fixed by #2392

Invalid Inf value when encoding double

```
  File "statsd/client/timer.py", line 38, in _wrapped
    return f(*args, **kwargs)
  File "kinto/core/storage/postgresql/__init__.py", line 662, in list_all
    auth=auth,
  File "kinto/core/storage/postgresql/__init__.py", line 737, in _get_rows
    safe_sql, holders = self._format_conditions(filters, id_field, modified_field)
  File "kinto/core/storage/postgresql/__init__.py", line 819, in _format_conditions
    value = self.json.dumps(value)
```

leplatrem added the bug label Oct 25, 2019

dstaley commented Oct 26, 2019

This is because querystring values are parsed with kinto.core.utils.native_value, which passes the string value into json.loads and takes the return value. JSON supports specifying numbers using E to denote an exponent, so the querystring value is being interpreted as 803^5708, which JSON parsers just convert to Infinity.

```
Python 3.7.5 (tags/v3.7.5:5c02a39a0b, Oct 15 2019, 01:31:54) [MSC v.1916 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import ujson as json
>>> json.loads("803E5708")
inf
```

What's interesting is if you pass that value back, you get the error you ran into:

```
>>> json.dumps(json.loads("803E5708"))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OverflowError: Invalid Inf value when encoding double
```

This is because ujson doesn't convert inf to Infinity.

A quick and dirty solution could be to compare the parsed value to float("inf") to check if it evaluated to inf, and if so, return the original string value.

```python
import ujson as json  # same parser as in the REPL session above


def native_value(value):
    """Convert string value to native python values.

    :param str value: value to interpret.
    :returns: the value coerced to python type
    """
    if isinstance(value, str):
        try:
            parsed_value = json.loads(value)
            # Keep the original string when the number overflowed to inf.
            if parsed_value != float("inf"):
                value = parsed_value
        except ValueError:
            return value
    return value
```
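A stricter variant of the check proposed above, as an added example that is not part of the original comment or the Kinto code base. It assumes the standard-library `json` module instead of ujson so it runs offline, the names `native_value_strict`, `_has_non_finite` and `round_trips` are hypothetical, and it goes beyond the single `float("inf")` comparison by also covering `-inf`, NaN and non-finite numbers nested in lists or objects.

```python
import json
import math

# Constructed querystring values; the first is the one from this issue.
SAMPLES = ["803E5708", "-803E5708", "NaN", "[1, 1e999]",
           '{"a": Infinity}', "42", "abc"]


def _has_non_finite(parsed):
    """True if a parsed JSON value contains inf, -inf or NaN at any depth."""
    if isinstance(parsed, float):
        return not math.isfinite(parsed)
    if isinstance(parsed, list):
        return any(_has_non_finite(item) for item in parsed)
    if isinstance(parsed, dict):
        return any(_has_non_finite(item) for item in parsed.values())
    return False


def native_value_strict(value):
    """Coerce a querystring string to a native value, but keep the original
    string whenever the parsed result could not be re-encoded as strict JSON."""
    if not isinstance(value, str):
        return value
    try:
        parsed = json.loads(value)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return value
    return value if _has_non_finite(parsed) else parsed


def round_trips(value):
    """Check that the coerced value survives a strict JSON encoder.

    allow_nan=False makes the stdlib encoder reject inf/NaN, standing in
    for an encoder that refuses non-finite doubles.
    """
    try:
        json.dumps(native_value_strict(value), allow_nan=False)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", repr(native_value_strict(sample)),
              "| re-encodes:", round_trips(sample))
```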


Natim commented Jan 13, 2020

@dstaley would you be willing to file a PR with this fix and test?


dstaley commented Jan 14, 2020

@Natim here you go! #2392


Natim commented Jan 14, 2020

Thanks !!!
