Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug Report: Library Crashes When colSpan Property Receives a String Value #2824

Open
sdesai-infinite opened this issue Dec 17, 2024 · 2 comments

Comments

@sdesai-infinite
Copy link

When a string value is assigned to the colSpan property, the library fails to handle the invalid input gracefully. Instead of throwing a proper validation error, the issue causes the server to crash unexpectedly. This behavior not only disrupts our production environment but is also reproducible on the pdfmake playground, where the server similarly fails.
Expected Behavior
The library should validate the colSpan input and throw a descriptive error if an invalid value (e.g., a string) is provided. The server should not crash due to invalid input.
Impact

  • Server crashes in our production environment when invalid colSpan input is encountered.
  • Reproducible on the official pdfmake playground, demonstrating this is not an isolated issue.
  • Critical disruption to applications relying on this library.

Urgency
This is a critical issue causing server downtime and affecting production systems. A fix is required urgently to prevent further disruptions.

Suggested Fix
Implement input validation for the colSpan property to ensure only numeric values are accepted.
If an invalid value is encountered, throw a clear error instead of crashing the server.

_ Please prioritize this fix and let us know if any further details or assistance are needed._

@suchislife801
Copy link

I have an idea. Why don't you do your own type checking?

@liborm85
Copy link
Collaborator

I don’t fully understand how this could cause server downtime in production. If a string is accidentally assigned to a property that requires a number, this would be the responsibility of the product/site developer.

I’m not familiar with your specific use case where this might occur randomly, but if user input is allowed for this value, it’s essential to add validation in the GUI to ensure it is a number. Without such validation, this could lead to exceptions, which would constitute a critical bug in your product/site.

This issue has been marked as a feature request.
Since this is an open-source project, you are welcome to contribute by submitting your own pull request to add the necessary validations or other improvements.

This issue is not a vulnerability in library.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants