Add guards for large seq

Alec Gibson · Alec Gibson · commit a0814920063c · 2020-01-30T18:12:11.000Z
Previously, `seq` would get reset every time a client reconnects.
Whilst not entirely robust, it did help to mitigate the possibility that
very long-lived connections might hit an integer overflow when
incrementing their `seq`.

This change adds a guard against this case, and throws a sensible error,
both on the client, and on the server.

Note that we cannot rely on the client's `Number.MAX_SAFE_INTEGER`,
because it is not supported by Internet Explorer.
diff --git a/lib/agent.js b/lib/agent.js
@@ -351,6 +351,12 @@ Agent.prototype._handleMessage = function(request, callback) {
       case 'op':
         // Normalize the properties submitted
         var op = createClientOp(request, this.clientId);
+        if (op.seq >= util.MAX_SAFE_INTEGER) {
+          return callback(new ShareDBError(
+            ERROR_CODE.ERR_CONNECTION_SEQ_INTEGER_OVERFLOW,
+            'Connection seq has exceeded the max safe integer, maybe from being open for too long'
+          ));
+        }
         if (!op) return callback(new ShareDBError(ERROR_CODE.ERR_MESSAGE_BADLY_FORMED, 'Invalid op message'));
         return this._submit(request.c, request.d, op, callback);
       case 'nf':
diff --git a/lib/client/doc.js b/lib/client/doc.js
@@ -2,6 +2,7 @@ var emitter = require('../emitter');
 var logger = require('../logger');
 var ShareDBError = require('../error');
 var types = require('../types');
+var util = require('../util');
 
 var ERROR_CODE = ShareDBError.CODES;
 
@@ -641,7 +642,16 @@ Doc.prototype._sendOp = function() {
   // reconnect, since an op may still be pending after the reconnection and
   // this.connection.id will change. In case an op is sent multiple times, we
   // also need to be careful not to override the original seq value.
-  if (op.seq == null) op.seq = this.connection.seq++;
+  if (op.seq == null) {
+    if (this.connection.seq >= util.MAX_SAFE_INTEGER) {
+      return this.emit('error', new ShareDBError(
+        ERROR_CODE.ERR_CONNECTION_SEQ_INTEGER_OVERFLOW,
+        'Connection seq has exceeded the max safe integer, maybe from being open for too long'
+      ));
+    }
+
+    op.seq = this.connection.seq++;
+  }
 
   this.connection.sendOp(this, op);
 
diff --git a/lib/error.js b/lib/error.js
@@ -16,6 +16,7 @@ ShareDBError.CODES = {
   ERR_APPLY_OP_VERSION_DOES_NOT_MATCH_SNAPSHOT: 'ERR_APPLY_OP_VERSION_DOES_NOT_MATCH_SNAPSHOT',
   ERR_APPLY_SNAPSHOT_NOT_PROVIDED: 'ERR_APPLY_SNAPSHOT_NOT_PROVIDED',
   ERR_CLIENT_ID_BADLY_FORMED: 'ERR_CLIENT_ID_BADLY_FORMED',
+  ERR_CONNECTION_SEQ_INTEGER_OVERFLOW: 'ERR_CONNECTION_SEQ_INTEGER_OVERFLOW',
   ERR_CONNECTION_STATE_TRANSITION_INVALID: 'ERR_CONNECTION_STATE_TRANSITION_INVALID',
   ERR_DATABASE_ADAPTER_NOT_FOUND: 'ERR_DATABASE_ADAPTER_NOT_FOUND',
   ERR_DATABASE_DOES_NOT_SUPPORT_SUBSCRIBE: 'ERR_DATABASE_DOES_NOT_SUPPORT_SUBSCRIBE',
diff --git a/lib/util.js b/lib/util.js
@@ -22,3 +22,5 @@ exports.isValidVersion = function(version) {
 exports.isValidTimestamp = function(timestamp) {
   return exports.isValidVersion(timestamp);
 };
+
+exports.MAX_SAFE_INTEGER = 9007199254740991;
diff --git a/test/client/connection.js b/test/client/connection.js
@@ -216,4 +216,22 @@ describe('client connection', function() {
       });
     });
   });
+
+  it('errors when submitting an op with a very large seq', function(done) {
+    this.backend.connect(function(connection) {
+      var doc = connection.get('test', '123');
+      doc.create({foo: 'bar'}, function(error) {
+        if (error) return done(error);
+        connection.sendOp(doc, {
+          op: {p: ['foo'], od: 'bar'},
+          src: connection.id,
+          seq: Number.MAX_SAFE_INTEGER
+        });
+        doc.once('error', function(error) {
+          expect(error.code).to.equal('ERR_CONNECTION_SEQ_INTEGER_OVERFLOW');
+          done();
+        });
+      });
+    });
+  });
 });
diff --git a/test/client/doc.js b/test/client/doc.js
@@ -49,6 +49,17 @@ describe('Doc', function() {
     doc.destroy();
   });
 
+  it('errors when trying to set a very large seq', function(done) {
+    var connection = this.connection;
+    connection.seq = Number.MAX_SAFE_INTEGER;
+    var doc = connection.get('dogs', 'fido');
+    doc.create({name: 'fido'});
+    doc.once('error', function(error) {
+      expect(error.code).to.equal('ERR_CONNECTION_SEQ_INTEGER_OVERFLOW');
+      done();
+    });
+  });
+
   describe('when connection closed', function() {
     beforeEach(function(done) {
       this.op1 = [{p: ['snacks'], oi: true}];
