Added a check to limit the bind value size and maxSize

cjbj · cjbj · commit b4d464e32d1a · 2016-12-02T23:17:18.000+11:00
diff --git a/doc/api.md b/doc/api.md
@@ -3714,7 +3714,7 @@ end-of-fetch at the same time.
 The value of `prefetchRows` size is ignored when *not* using a
 `ResultSet`.
 
-Prefetching from REF CURSORS requires Oracle Database 11gR2 or
+Prefetching from REF CURSORS requires Oracle Database 11.2 or
 greater.
 
 Prefetching can be disabled by setting `prefetchRows` to 0.
@@ -4540,7 +4540,8 @@ statement text is different and would be less efficient.
 
 IN binds are values passed into the database.  OUT binds are used to
 retrieve data.  IN OUT binds are passed in, and may return a different
-value after the statement executes.
+value after the statement executes.  IN OUT binds can be used for
+PL/SQL calls, but not for SQL.
 
 OUT bind parameters for `RETURNING INTO` clauses will always return an
 array of values. See [DML RETURNING Bind Parameters](#dmlreturn).
@@ -4813,7 +4814,7 @@ CURSOR is set to NULL or is not set in the PL/SQL procedure then the
 returned `ResultSet` is invalid and methods like `getRows()` will
 return an error when invoked.
 
-When using Oracle Database 11gR2 or greater, then
+When using Oracle Database 11.2 or greater, then
 [`prefetchRows`](#propdbprefetchrows) can be used to tune the
 performance of fetching REF CURSORS.
 
@@ -4968,28 +4969,32 @@ size used for these binds in the OUT direction is 200, so set
 See [Working with CLOB and BLOB Data](#lobhandling) for examples and
 more information on binding and working with LOBs.
 
-#### Maximum Limits (Bytes) for Binding LOBs to Strings and Buffers
+#### Theoretical Limits (Bytes) for Binding LOBs to Strings and Buffers
 
-DB Type | Bind Type       | Direction   | Oracle Client 12c Limit<sup>*</sup> | Oracle Client 11g Limit<sup>*</sup>
+DB Type | Bind Type       | Direction   | Oracle Client 12c Limit<sup>*</sup> | Oracle Client 11.2 Limit<sup>*</sup>
 --------|-----------------|-------------|-------------------------|------------------------
-CLOB    | oracledb.STRING |BIND_IN      |  2 GB                   | 64 KB
+CLOB    | oracledb.STRING |BIND_IN      |  1 GB                   | 64 KB
 CLOB    | oracledb.STRING |BIND_OUT     |  1 GB                   | 64 KB
 CLOB    | oracledb.STRING |BIND_INOUT   | 32 KB                   | 32 KB
-BLOB    | oracledb.BUFFER |BIND_IN      |  2 GB                   | 64 KB
-BLOB    | oracledb.BUFFER |BIND_OUT     |  2 GB                   | 64 KB
+BLOB    | oracledb.BUFFER |BIND_IN      |  1 GB                   | 64 KB
+BLOB    | oracledb.BUFFER |BIND_OUT     |  1 GB                   | 64 KB
 BLOB    | oracledb.BUFFER |BIND_INOUT   | 32 KB                   | 32 KB
 
-<sup>*</sup>The largest usable data length is one byte less than the size shown.
-
-Internally, node-oracledb uses temporary LOBs when binding Strings and
-Buffers larger than 32 KB.  Since temporary LOBs cannot be used for IN
-OUT binds, the data size in this case is restricted to 32 KB.
+<sup>*</sup>The largest usable data length is two bytes less than the
+size shown for 12c and one byte less for 11.2.
 
 In practice, the limitation on binding IN or OUT is the memory
-available to Node.js.  You will see the error *JavaScript heap out of
-memory* when you try to create large Strings or Buffers.  So, for most
-large data sizes, it is recommended to bind as `oracledb.CLOB` or
-`oracledb.BLOB` and use [Lob streaming](#streamsandlobs).
+available to Node.js and the V8 engine.  For data larger than several
+megabytes, it is recommended to bind as `oracledb.CLOB` or
+`oracledb.BLOB` and use [Lob streaming](#streamsandlobs).  If you try
+to create large Strings or Buffers in Node.js you will see errors like
+*JavaScript heap out of memory*, or other space related messages.
+
+Internally, for PL/SQL calls, node-oracledb uses temporary LOBs when
+binding Strings and Buffers larger than 32 KB.  Since temporary LOBs
+cannot be used for IN OUT binds, the data size in this case is
+restricted to 32 KB.  For SQL call no temporary LOBs are used.
+
 
 ### <a name="plsqlindexbybinds"></a> 13.6 PL/SQL Collection Associative Array (Index-by) Bind Parameters
 
diff --git a/src/dpi/include/dpiStmt.h b/src/dpi/include/dpiStmt.h
@@ -120,7 +120,7 @@ typedef enum
   #define  DPI_SZ_TYPE         sb8
   #define  DPI_USZ_TYPE        ub8
   #define  DPI_BUFLEN_TYPE     ub4
-  #define  DPI_MAX_BUFLEN      SB4MAXVAL
+  #define  DPI_MAX_BUFLEN    (1024*1024*1024 - 2)  // max for binding: 1GB-2
   #define  DPIBINDBYPOS    OCIBindByPos2
   #define  DPIBINDBYNAME   OCIBindByName2
   #define  DPIDEFINEBYPOS  OCIDefineByPos2
diff --git a/src/njs/src/njsConnection.cpp b/src/njs/src/njsConnection.cpp
@@ -801,6 +801,17 @@ void Connection::GetBindUnit (Local<Value> val, Bind* bind, bool array,
       goto exitGetBindUnit;
     }
 
+    // for INOUT and OUT bind maxSize is used, and if a large value is
+    // specified, report error and bail out.
+    if ( ( dir == NJS_BIND_INOUT || dir == NJS_BIND_OUT ) &&
+         ( bind->maxSize > DPI_MAX_BUFLEN ) )
+    {
+      executeBaton->error = NJSMessages::getErrorMsg ( errMaxValueTooLarge,
+                                                       "maxSize", 
+                                                       DPI_MAX_BUFLEN, 2 );
+      goto exitGetBindUnit;
+    }
+
     NJS_GET_UINT_FROM_JSON(bind->maxArraySize, executeBaton->error, bind_unit,
                            "maxArraySize", 1, exitGetBindUnit);
 
@@ -1085,7 +1096,8 @@ void Connection::GetInBindParamsScalar(Local<Value> v8val, Bind* bind,
       if ( str.length () > DPI_MAX_BUFLEN )
       {
         executeBaton->error = NJSMessages::getErrorMsg (
-                                                    errBindValueTooLarge );
+                                                        errBindValueTooLarge,
+                                                        DPI_MAX_BUFLEN );
         goto exitGetInBindParamsScalar;
       }
 
@@ -1234,7 +1246,8 @@ void Connection::GetInBindParamsScalar(Local<Value> v8val, Bind* bind,
             if ( bufLen > DPI_MAX_BUFLEN )
             {
               executeBaton->error = NJSMessages::getErrorMsg (
-                                              errBindValueTooLarge ) ;
+                                             errBindValueTooLarge,
+                                             DPI_MAX_BUFLEN ) ;
               goto exitGetInBindParamsScalar;
             }
 
diff --git a/src/njs/src/njsMessages.cpp b/src/njs/src/njsMessages.cpp
@@ -87,7 +87,8 @@ static const char *errMsg[] =
   "NJS-048: operation not permitted while Lob object is active in a bind operation", // errLOBBindActive
   "NJS-049: cannot use bind direction IN OUT for temporary LOBs", // errTempLOBINOUTBind
   "NJS-050: Temporary LOBs were open when the connection was closed", // errBusyConnTEMPLOB
-  "NJS-051: given data as bind value is too large", // errBindValueTooLarge
+  "NJS-051: data must be shorter than %d", // errBindValueTooLarge
+  "NJS-052: \"%s\" must be less than %d", // errMaxValueTooLarge
 };
 
 string NJSMessages::getErrorMsg ( NJSErrorType err, ... )
diff --git a/src/njs/src/njsMessages.h b/src/njs/src/njsMessages.h
@@ -87,6 +87,7 @@ typedef enum
   errTempLOBINOUTBind,
   errBusyConnTEMPLOB,
   errBindValueTooLarge,
+  errMaxValueTooLarge,
 
   // New ones should be added here
 
