From 406e215b8ccb2167e19328626fc5ca81a4cf0695 Mon Sep 17 00:00:00 2001
From: anshikakalpana <anshikajain196872@gmail.com>
Date: Mon, 8 Jun 2026 16:34:28 +0530
Subject: [PATCH] sqlite: validate maxSize argument in createTagStore()

Signed-off-by: anshikakalpana <anshikajain196872@gmail.com>
---
 src/node_sqlite.cc                        | 19 +++++++++++--
 test/parallel/test-sqlite-template-tag.js | 34 +++++++++++++++++++++++
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/src/node_sqlite.cc b/src/node_sqlite.cc
index d9f979c36b3ce5..0d1d8c5e4481ce 100644
--- a/src/node_sqlite.cc
+++ b/src/node_sqlite.cc
@@ -1044,10 +1044,23 @@ void DatabaseSync::CreateTagStore(const FunctionCallbackInfo<Value>& args) {
     return;
   }
   int capacity = 1000;
-  if (args.Length() > 0 && args[0]->IsNumber()) {
-    capacity = args[0].As<Number>()->Value();
+  if (args.Length() > 0 && !args[0]->IsUndefined()) {
+    if (!args[0]->IsNumber()) {
+      THROW_ERR_INVALID_ARG_TYPE(
+          env->isolate(),
+          "The \"maxSize\" argument must be a positive integer.");
+      return;
+    }
+    double val = args[0].As<Number>()->Value();
+    if (!std::isfinite(val) || std::floor(val) != val || val <= 0 ||
+        val > std::numeric_limits<int>::max()) {
+      THROW_ERR_OUT_OF_RANGE(
+          env->isolate(),
+          "The \"maxSize\" argument must be a positive integer.");
+      return;
+    }
+    capacity = static_cast<int>(val);
   }
-
   BaseObjectPtr<SQLTagStore> session =
       SQLTagStore::Create(env, BaseObjectWeakPtr<DatabaseSync>(db), capacity);
   if (!session) {
diff --git a/test/parallel/test-sqlite-template-tag.js b/test/parallel/test-sqlite-template-tag.js
index 0c6328e33af2f6..acf0fe53fa75a8 100644
--- a/test/parallel/test-sqlite-template-tag.js
+++ b/test/parallel/test-sqlite-template-tag.js
@@ -112,6 +112,40 @@ test('TagStore capacity, size, and clear', () => {
   assert.strictEqual(sql.capacity, 10);
 });
 
+test('createTagStore throws on invalid maxSize', () => {
+  const db = new DatabaseSync(':memory:');
+
+  assert.throws(() => db.createTagStore(0), {
+    code: 'ERR_OUT_OF_RANGE',
+    message: /maxSize/,
+  });
+
+  assert.throws(() => db.createTagStore(-1), {
+    code: 'ERR_OUT_OF_RANGE',
+    message: /maxSize/,
+  });
+
+  assert.throws(() => db.createTagStore(NaN), {
+    code: 'ERR_OUT_OF_RANGE',
+    message: /maxSize/,
+  });
+
+  assert.throws(() => db.createTagStore(1.5), {
+    code: 'ERR_OUT_OF_RANGE',
+    message: /maxSize/,
+  });
+
+  assert.throws(() => db.createTagStore('abc'), {
+    code: 'ERR_INVALID_ARG_TYPE',
+    message: /maxSize/,
+  });
+
+  assert.throws(() => db.createTagStore(Number.MAX_SAFE_INTEGER), {
+    code: 'ERR_OUT_OF_RANGE',
+    message: /maxSize/,
+  });
+});
+
 test('sql.db returns the associated DatabaseSync instance', () => {
   assert.strictEqual(sql.db, db);
 });