feat core: do not allow parsing Inf and NaN

apolukhin · apolukhin · commit c50c86934d64 · 2025-12-19T15:54:40.000+03:00
Tests: протестировано CI
commit_hash:952319cbe41f5dad6b4d617a24b917511f5e956e
diff --git a/universal/include/userver/formats/parse/common.hpp b/universal/include/userver/formats/parse/common.hpp
@@ -37,9 +37,14 @@ void CheckInBounds(const Value& value, T x, T min, T max) {
 
 template <typename Value>
 void CheckDoubleFitsInFloat(const Value& value, const double dval) {
-    if (std::isinf(dval) || std::isnan(dval)) {
-        // double infinity and NaN are directly convertible to float infinity and NaN
-        return;
+    if (!std::isfinite(dval)) {
+        auto msg = fmt::format(
+            "Double value ({}) of '{}' is prohibited for use. Inf and NaN values lead to vulnerabilities in code",
+            dval,
+            value.GetPath()
+        );
+        UASSERT_MSG(false, msg);
+        throw typename Value::ParseException(std::move(msg));
     }
 
     auto fval = static_cast<float>(dval);
@@ -53,7 +58,7 @@ void CheckDoubleFitsInFloat(const Value& value, const double dval) {
 
 template <typename Value>
 float NarrowToFloat(double x, const Value& value) {
-    CheckDoubleFitsInFloat(value, x);
+    impl::CheckDoubleFitsInFloat(value, x);
     return static_cast<float>(x);
 }
 
diff --git a/universal/src/formats/common/value_test.hpp b/universal/src/formats/common/value_test.hpp
@@ -220,6 +220,29 @@ TYPED_TEST_P(Parsing, MaxMinFloat) {
     EXPECT_EQ(float_negative_min.template As<float>(), -kFloatMin);
 }
 
+TYPED_TEST_P(Parsing, InfNanFloatDouble) {
+// May abort in test builds
+#ifdef NDEBUG
+    using Value = std::decay_t<decltype(this->kFromString(""))>;
+    using Exception = typename Value::Exception;
+
+    constexpr float kFloatInf = std::numeric_limits<float>::infinity();
+    constexpr float kFloatNan = std::numeric_limits<float>::quiet_NaN();
+
+    EXPECT_THROW(this->kFromString(fmt::format("[{}]", kFloatInf))[0].template As<float>(), Exception);
+    EXPECT_THROW(this->kFromString(fmt::format("[{}]", -kFloatInf))[0].template As<float>(), Exception);
+    EXPECT_THROW(this->kFromString(fmt::format("[{}]", kFloatNan))[0].template As<float>(), Exception);
+    EXPECT_THROW(this->kFromString(fmt::format("[{}]", -kFloatNan))[0].template As<float>(), Exception);
+
+    constexpr double kDoubleInf = std::numeric_limits<double>::infinity();
+    constexpr double kDoubleNan = std::numeric_limits<double>::quiet_NaN();
+    EXPECT_THROW(this->kFromString(fmt::format("[{}]", kDoubleInf))[0].template As<double>(), Exception);
+    EXPECT_THROW(this->kFromString(fmt::format("[{}]", -kDoubleInf))[0].template As<double>(), Exception);
+    EXPECT_THROW(this->kFromString(fmt::format("[{}]", kDoubleNan))[0].template As<double>(), Exception);
+    EXPECT_THROW(this->kFromString(fmt::format("[{}]", -kDoubleNan))[0].template As<double>(), Exception);
+#endif
+}
+
 TYPED_TEST_P(Parsing, UserProvidedCommonParser) {
     auto value = this->kFromString("[42]")[0];
 
@@ -394,6 +417,7 @@ REGISTER_TYPED_TEST_SUITE_P(
     UInt,
     IntOverflow,
     MaxMinFloat,
+    InfNanFloatDouble,
     UserProvidedCommonParser,
 
     ChronoDoubleSeconds,
