summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--guix/store/database.scm16
-rw-r--r--tests/store-database.scm19
2 files changed, 33 insertions, 2 deletions
diff --git a/guix/store/database.scm b/guix/store/database.scm
index 4eea166d92..8d08def833 100644
--- a/guix/store/database.scm
+++ b/guix/store/database.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017, 2019 Caleb Ristvedt <caleb.ristvedt@cune.org>
-;;; Copyright © 2018, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2018, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -241,12 +241,26 @@ identifier.  Otherwise, return #f."
   "INSERT INTO ValidPaths (path, hash, registrationTime, deriver, narSize)
 VALUES (:path, :hash, :time, :deriver, :size)")
 
+(define-inlinable (assert-integer proc in-range? key number)
+  (unless (integer? number)
+    (throw 'wrong-type-arg proc
+           "Wrong type argument ~A: ~S" (list key number)
+           (list number)))
+  (unless (in-range? number)
+    (throw 'out-of-range proc
+           "Integer ~A out of range: ~S" (list key number)
+           (list number))))
+
 (define* (update-or-insert db #:key path deriver hash nar-size time)
   "The classic update-if-exists and insert-if-doesn't feature that sqlite
 doesn't exactly have... they've got something close, but it involves deleting
 and re-inserting instead of updating, which causes problems with foreign keys,
 of course. Returns the row id of the row that was modified or inserted."
 
+  ;; Make sure NAR-SIZE is valid.
+  (assert-integer "update-or-insert" positive? #:nar-size nar-size)
+  (assert-integer "update-or-insert" (cut >= <> 0) #:time time)
+
   ;; It's important that querying the path-id and the insert/update operation
   ;; take place in the same transaction, as otherwise some other
   ;; process/thread/fiber could register the same path between when we check
diff --git a/tests/store-database.scm b/tests/store-database.scm
index 17eea38c63..d8f3ce8070 100644
--- a/tests/store-database.scm
+++ b/tests/store-database.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2017, 2018, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017, 2018, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -123,4 +123,21 @@
          (pk 'welcome-exception! args)
          #t)))))
 
+(test-equal "sqlite-register with incorrect size"
+  'out-of-range
+  (call-with-temporary-output-file
+   (lambda (db-file port)
+     (delete-file db-file)
+     (catch #t
+       (lambda ()
+         (with-database db-file db
+           (sqlite-register db #:path "/gnu/foo"
+                            #:references '("/gnu/bar")
+                            #:deriver "/gnu/foo.drv"
+                            #:hash (string-append "sha256:" (make-string 64 #\e))
+                            #:nar-size -1234))
+         #f)
+       (lambda (key . _)
+         key)))))
+
 (test-end "store-database")
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-11 04:23:38 +0000