Re: [PR] [fix](ddl) reject invalid IPv4 default value at CREATE TABLE time [doris]

Thu, 11 Jun 2026 20:47:47 -0700 


github-actions[bot] commented on code in PR #62906:
URL: https://github.com/apache/doris/pull/62906#discussion_r3400530989


##########
fe/fe-catalog/src/main/java/org/apache/doris/analysis/IPv4Literal.java:
##########
@@ -56,22 +56,33 @@ protected IPv4Literal(IPv4Literal other) {
         this.value = other.value;
     }
 
-    private static long parseIPv4toLong(String ipv4) {
-        String[] parts = ipv4.split("\\.");
+    private static long parseIPv4toLong(String ipv4) throws AnalysisException {
+        // Use limit -1 so a trailing dot keeps its empty part: "1.2.3.4." 
stays 5 parts and is
+        // rejected by the count check below (plain split("\\.") drops the 
trailing "" and would
+        // wrongly yield 4). A leading or inner empty part keeps 4 parts and 
is instead rejected
+        // when Short.parseShort throws on the empty octet.
+        String[] parts = ipv4.split("\\.", -1);
         if (parts.length != 4) {
-            return 0L;
+            throw new AnalysisException("Invalid IPv4 format: " + ipv4);
         }
 
         long value = 0L;
         for (int i = 0; i < 4; ++i) {
+            // Short.parseShort accepts a leading '+' (e.g. "+3"), which is 
not a valid octet,
+            // so reject it explicitly. A leading '-' / out-of-range value is 
caught by the
+            // range check below, and any other non-digit makes parseShort 
throw. Leading zeros
+            // stay decimal ("010" -> 10), consistent with the BE parser.
+            if (parts[i].startsWith("+")) {

Review Comment:
   `Short.parseShort` is still too permissive for this DDL validator: Java 
accepts Unicode decimal digits, so `ColumnDef.validateDefaultValue(Type.IPV4, 
"127.0.0.1", null)` succeeds here. The column then stores/sends the original 
default string (`Column.defaultValue`/`ColumnToThrift`), and BE later parses 
defaults through `DataTypeIPv4SerDe` -> `CastToIPv4`, whose `parse_ipv4` only 
accepts ASCII `0`-`9`; that default fails during default materialization 
instead of at CREATE TABLE time. This is distinct from the existing 
trailing-dot/signed-octet thread: those examples are fixed, but the parser 
still is not ASCII digit-only. Please validate each octet is non-empty ASCII 
digits before `Short.parseShort` (keeping leading zeros decimal) and add a 
negative test for Unicode digits.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to