Implement input validation for string length and index capacity in similarity_search_addon.cc and similarity_search.c; enhance memory management in search_index function.

2025-04-18 08:57:35 +02:00
parent de950fa11c
commit da5e7476a0
3 changed files with 74 additions and 2 deletions
--- a/similarity_search_addon.cc
+++ b/similarity_search_addon.cc
@@ -66,7 +66,24 @@ Napi::Value SearchIndexWrapper::AddString(const Napi::CallbackInfo& info) {
  }
  
  std::string str = info[0].As<Napi::String>().Utf8Value();
+  
+  // Check if string is too long
+  if (str.length() >= MAX_STRING_LEN) {
+    Napi::Error::New(env, "String too long").ThrowAsJavaScriptException();
+    return env.Null();
+  }
+  
+  // Check if we've reached capacity
+  if (this->index_->num_strings >= this->index_->capacity) {
+    Napi::Error::New(env, "Search index capacity exceeded").ThrowAsJavaScriptException();
+    return env.Null();
+  }
+  
  int result = add_string_to_index(this->index_, str.c_str());
+  if (result != 0) {
+    Napi::Error::New(env, "Failed to add string to index").ThrowAsJavaScriptException();
+    return env.Null();
+  }
  
  return Napi::Number::New(env, result);
 }
@@ -81,10 +98,20 @@ Napi::Value SearchIndexWrapper::Search(const Napi::CallbackInfo& info) {
  }
  
  std::string query = info[0].As<Napi::String>().Utf8Value();
-  float cutoff = 0.2f; // Default cutoff
  
+  // Check if query string is too long
+  if (query.length() >= MAX_STRING_LEN) {
+    Napi::Error::New(env, "Query string too long").ThrowAsJavaScriptException();
+    return env.Null();
+  }
+  
+  float cutoff = 0.2f; // Default cutoff
  if (info.Length() > 1 && info[1].IsNumber()) {
    cutoff = info[1].As<Napi::Number>().FloatValue();
+    if (cutoff < 0.0f || cutoff > 1.0f) {
+      Napi::Error::New(env, "Cutoff must be between 0 and 1").ThrowAsJavaScriptException();
+      return env.Null();
+    }
  }
  
  int num_results = 0;