Treat strings greater than int max value as out of range

Sufficiently large integers cause `find` and `find_by` to raise `StatementInvalid` instead of `RecordNotFound` or just returning `nil`. Given that we can't cast to `nil` for `Integer` like we would with junk data for other types, we raise a `RangeError` instead, and rescue in places where it would be highly unexpected to get an exception from casting. Fixes #17380
author: Sean Griffin <sean@thoughtbot.com> 2014-10-31 11:23:24 -0600
committer: Sean Griffin <sean@thoughtbot.com> 2014-10-31 12:15:36 -0600
commit: e62fff40edde10bd04bbb91ce242f4a7f7ea64a8 (patch)
tree: f984582034b23691663a54fa978d5cbf4d8e403e /activerecord/lib
parent: 9b9f0197b7e645ae5b05a5581ba82f32f0971183 (diff)
download: rails-e62fff40edde10bd04bbb91ce242f4a7f7ea64a8.tar.gz
rails-e62fff40edde10bd04bbb91ce242f4a7f7ea64a8.tar.bz2
rails-e62fff40edde10bd04bbb91ce242f4a7f7ea64a8.zip
6 files changed, 42 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/core.rb b/activerecord/lib/active_record/core.rb
index a0382f99e6..952aeaa703 100644
--- a/activerecord/lib/active_record/core.rb
+++ b/activerecord/lib/active_record/core.rb
@@ -155,6 +155,8 @@ module ActiveRecord
           raise RecordNotFound, "Couldn't find #{name} with '#{primary_key}'=#{id}"
         end
         record
+      rescue RangeError
+        raise RecordNotFound, "Couldn't find #{name} with an out of range value for '#{primary_key}'"
       end
 
       def find_by(*args)
@@ -185,6 +187,8 @@ module ActiveRecord
           s.execute(hash.values, self, connection).first
         rescue TypeError => e
           raise ActiveRecord::StatementInvalid.new(e.message, e)
+        rescue RangeError
+          nil
         end
       end
 
diff --git a/activerecord/lib/active_record/relation/finder_methods.rb b/activerecord/lib/active_record/relation/finder_methods.rb
index ddb392a6d4..145b7378cf 100644
--- a/activerecord/lib/active_record/relation/finder_methods.rb
+++ b/activerecord/lib/active_record/relation/finder_methods.rb
@@ -433,6 +433,8 @@ module ActiveRecord
       else
         find_some(ids)
       end
+    rescue RangeError
+      raise RecordNotFound, "Couldn't find #{@klass.name} with an out of range ID"
     end
 
     def find_one(id)
diff --git a/activerecord/lib/active_record/type.rb b/activerecord/lib/active_record/type.rb
index e3d6c5957e..e5acbbb6b3 100644
--- a/activerecord/lib/active_record/type.rb
+++ b/activerecord/lib/active_record/type.rb
@@ -4,6 +4,7 @@ require 'active_record/type/numeric'
 require 'active_record/type/time_value'
 require 'active_record/type/value'
 
+require 'active_record/type/big_integer'
 require 'active_record/type/binary'
 require 'active_record/type/boolean'
 require 'active_record/type/date'
diff --git a/activerecord/lib/active_record/type/big_integer.rb b/activerecord/lib/active_record/type/big_integer.rb
new file mode 100644
index 0000000000..0c72d8914f
--- /dev/null
+++ b/activerecord/lib/active_record/type/big_integer.rb
@@ -0,0 +1,13 @@
+require 'active_record/type/integer'
+
+module ActiveRecord
+  module Type
+    class BigInteger < Integer # :nodoc:
+      private
+
+      def max_value
+        ::Float::INFINITY
+      end
+    end
+  end
+end
diff --git a/activerecord/lib/active_record/type/decimal_without_scale.rb b/activerecord/lib/active_record/type/decimal_without_scale.rb
index cabdcecdd7..ff5559e300 100644
--- a/activerecord/lib/active_record/type/decimal_without_scale.rb
+++ b/activerecord/lib/active_record/type/decimal_without_scale.rb
@@ -1,8 +1,8 @@
-require 'active_record/type/integer'
+require 'active_record/type/big_integer'
 
 module ActiveRecord
   module Type
-    class DecimalWithoutScale < Integer # :nodoc:
+    class DecimalWithoutScale < BigInteger # :nodoc:
       def type
         :decimal
       end
diff --git a/activerecord/lib/active_record/type/integer.rb b/activerecord/lib/active_record/type/integer.rb
index 08477d1303..2b0f0b2734 100644
--- a/activerecord/lib/active_record/type/integer.rb
+++ b/activerecord/lib/active_record/type/integer.rb
@@ -15,9 +15,28 @@ module ActiveRecord
         case value
         when true then 1
         when false then 0
-        else value.to_i rescue nil
+        else
+          result = value.to_i rescue nil
+          ensure_below_max(result) if result
+          result
         end
       end
+
+      def ensure_below_max(value)
+        if value > max_value
+          raise RangeError, "#{value} is too large for #{self.class} with limit #{limit || 4}"
+        end
+      end
+
+      def max_value
+        @max_value = determine_max_value unless defined?(@max_value)
+        @max_value
+      end
+
+      def determine_max_value
+        limit = self.limit || 4
+        2 << (limit * 8 - 1) # 8 bits per byte with one bit for sign
+      end
     end
   end
 end
author	Sean Griffin <sean@thoughtbot.com>	2014-10-31 11:23:24 -0600
committer	Sean Griffin <sean@thoughtbot.com>	2014-10-31 12:15:36 -0600
commit	e62fff40edde10bd04bbb91ce242f4a7f7ea64a8 (patch)
tree	f984582034b23691663a54fa978d5cbf4d8e403e /activerecord/lib
parent	9b9f0197b7e645ae5b05a5581ba82f32f0971183 (diff)
download	rails-e62fff40edde10bd04bbb91ce242f4a7f7ea64a8.tar.gz rails-e62fff40edde10bd04bbb91ce242f4a7f7ea64a8.tar.bz2 rails-e62fff40edde10bd04bbb91ce242f4a7f7ea64a8.zip