From 8ab8d656c00c8520c892cbb3357725ddb0973a4e Mon Sep 17 00:00:00 2001
From: Vladimir Davydov <vdavydov@tarantool.org>
Date: Tue, 14 Nov 2023 11:17:59 +0300
Subject: [PATCH] box: add check against setting box.cfg options to inf and nan

Setting a box.cfg option to inf or nan can result in a crash or invalid
behavior. For example, setting `box.cfg.checkpoint_interval` to 0/0
triggers an assertion failure. Let's add a check against inf and nan for
all options. These special numbers don't make any sense as configuration
option values anyway.

Closes #4962

NO_DOC=bug fix
---
 ...gh-4962-box-cfg-forbid-infinite-numbers.md |  5 ++++
 src/box/lua/load_cfg.lua                      |  8 ++++++
 .../gh_4962_cfg_infinite_numbers_test.lua     | 28 +++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 changelogs/unreleased/gh-4962-box-cfg-forbid-infinite-numbers.md
 create mode 100644 test/box-luatest/gh_4962_cfg_infinite_numbers_test.lua

diff --git a/changelogs/unreleased/gh-4962-box-cfg-forbid-infinite-numbers.md b/changelogs/unreleased/gh-4962-box-cfg-forbid-infinite-numbers.md
new file mode 100644
index 0000000000..ffe6f46195
--- /dev/null
+++ b/changelogs/unreleased/gh-4962-box-cfg-forbid-infinite-numbers.md
@@ -0,0 +1,5 @@
+## bugfix/box
+
+* Added a check that disables setting `box.cfg` and `log.cfg` options to
+  infinite numbers (NaN, Inf). Setting a `box.cfg` or `log.cfg` option to
+  an infinite number could result in a crash or invalid behavior (gh-4962).
diff --git a/src/box/lua/load_cfg.lua b/src/box/lua/load_cfg.lua
index bc707f8a43..fd678e918a 100644
--- a/src/box/lua/load_cfg.lua
+++ b/src/box/lua/load_cfg.lua
@@ -810,6 +810,14 @@ local function check_cfg_option_type(template, name, value)
                       template)
         end
     end
+    -- It makes no sense to set any configuration option value to an infinite
+    -- number (nan, inf, -inf). To prevent such numbers from slipping through
+    -- configuration option sanity checks and breaking the application logic,
+    -- we forbid them explicitly at the top level.
+    if type(value) == 'number' and not
+            (value == value and value > -math.huge and value < math.huge) then
+        box.error(box.error.CFG, name, "should be a finite number")
+    end
 end
 
 local function prepare_cfg(cfg, old_cfg, default_cfg, template_cfg, modify_cfg)
diff --git a/test/box-luatest/gh_4962_cfg_infinite_numbers_test.lua b/test/box-luatest/gh_4962_cfg_infinite_numbers_test.lua
new file mode 100644
index 0000000000..098ea1430a
--- /dev/null
+++ b/test/box-luatest/gh_4962_cfg_infinite_numbers_test.lua
@@ -0,0 +1,28 @@
+local server = require('luatest.server')
+local t = require('luatest')
+
+local g = t.group()
+
+g.before_all(function(cg)
+    cg.server = server:new()
+    cg.server:start()
+end)
+
+g.after_all(function(cg)
+    cg.server:drop()
+end)
+
+g.test_cfg_infinite_numbers = function(cg)
+    cg.server:exec(function()
+        for _, val in ipairs({1 / 0, -1 / 0, 0 / 0}) do
+            for opt, opt_type in pairs(box.internal.template_cfg) do
+                if opt_type:find('number') then
+                    t.assert_error_msg_equals(
+                        "Incorrect value for option '" .. opt .. "': " ..
+                        "should be a finite number",
+                        box.cfg, {[opt] = val})
+                end
+            end
+        end
+    end)
+end
-- 
GitLab