Skip to content
Closed
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 13 additions & 4 deletions src/bun.js/bindings/JSValue.zig
Original file line number Diff line number Diff line change
Expand Up @@ -405,17 +405,26 @@ pub const JSValue = enum(i64) {
return bun.jsc.fromJSHostCallGeneric(globalObject, @src(), JSC__JSValue__push, .{ value, globalObject, out });
}

extern fn JSC__JSValue__toISOString(*jsc.JSGlobalObject, jsc.JSValue, *[28]u8) c_int;
pub fn toISOString(this: JSValue, globalObject: *jsc.JSGlobalObject, buf: *[28]u8) []const u8 {
/// Buffer type for `toISOString` / `getDateNowISOString`. Must match the
/// `char in[64]` parameter of `Bun::toISOString` in `wtf-bindings.cpp`.
pub const ISOStringBuffer = [64]u8;

extern fn JSC__JSValue__toISOString(*jsc.JSGlobalObject, jsc.JSValue, *ISOStringBuffer) c_int;
/// Serializes a JavaScript `Date` value as an ISO 8601 / RFC 3339 string
/// (the same format as `Date.prototype.toISOString`). Returns an empty
/// slice on failure (e.g. the value is not a finite `Date`).
pub fn toISOString(this: JSValue, globalObject: *jsc.JSGlobalObject, buf: *ISOStringBuffer) []const u8 {
const count = JSC__JSValue__toISOString(globalObject, this, buf);
if (count < 0) {
return "";
Comment thread
robobun marked this conversation as resolved.
}

return buf[0..@as(usize, @intCast(count))];
}
extern fn JSC__JSValue__DateNowISOString(*JSGlobalObject, f64) JSValue;
pub fn getDateNowISOString(globalObject: *jsc.JSGlobalObject, buf: *[28]u8) []const u8 {
extern fn JSC__JSValue__DateNowISOString(*jsc.JSGlobalObject, *ISOStringBuffer) c_int;
/// Writes `new Date(Date.now()).toISOString()` into `buf` and returns
/// the written slice. Empty slice on failure.
pub fn getDateNowISOString(globalObject: *jsc.JSGlobalObject, buf: *ISOStringBuffer) []const u8 {
const count = JSC__JSValue__DateNowISOString(globalObject, buf);
if (count < 0) {
return "";
Expand Down
32 changes: 4 additions & 28 deletions src/bun.js/bindings/bindings.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -5801,7 +5801,6 @@ extern "C" EncodedJSValue JSC__JSValue__dateInstanceFromNullTerminatedString(JSC
// this is largely copied from dateProtoFuncToISOString
extern "C" int JSC__JSValue__toISOString(JSC::JSGlobalObject* globalObject, EncodedJSValue dateValue, char* buf)
{
char buffer[64];
JSC::DateInstance* thisDateObj = dynamicDowncast<JSC::DateInstance>(JSC::JSValue::decode(dateValue));
if (!thisDateObj)
return -1;
Expand All @@ -5811,41 +5810,18 @@ extern "C" int JSC__JSValue__toISOString(JSC::JSGlobalObject* globalObject, Enco

auto& vm = JSC::getVM(globalObject);

return static_cast<int>(Bun::toISOString(vm, thisDateObj->internalNumber(), buffer));
return static_cast<int>(Bun::toISOString(vm, thisDateObj->internalNumber(), buf));
}

extern "C" int JSC__JSValue__DateNowISOString(JSC::JSGlobalObject* globalObject, char* buf)
Comment thread
claude[bot] marked this conversation as resolved.
{
char buffer[29];
JSC::DateInstance* thisDateObj = JSC::DateInstance::create(globalObject->vm(), globalObject->dateStructure(), globalObject->jsDateNow());

if (!std::isfinite(thisDateObj->internalNumber()))
return -1;

auto& vm = JSC::getVM(globalObject);
double now = globalObject->jsDateNow();

const GregorianDateTime* gregorianDateTime = thisDateObj->gregorianDateTimeUTC(vm.dateCache);
if (!gregorianDateTime)
return -1;

// If the year is outside the bounds of 0 and 9999 inclusive we want to use the extended year format (ES 15.9.1.15.1).
int ms = static_cast<int>(fmod(thisDateObj->internalNumber(), msPerSecond));
if (ms < 0)
ms += msPerSecond;

int charactersWritten;
if (gregorianDateTime->year() > 9999 || gregorianDateTime->year() < 0)
charactersWritten = snprintf(buffer, sizeof(buffer), "%+07d-%02d-%02dT%02d:%02d:%02d.%03dZ", gregorianDateTime->year(), gregorianDateTime->month() + 1, gregorianDateTime->monthDay(), gregorianDateTime->hour(), gregorianDateTime->minute(), gregorianDateTime->second(), ms);
else
charactersWritten = snprintf(buffer, sizeof(buffer), "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ", gregorianDateTime->year(), gregorianDateTime->month() + 1, gregorianDateTime->monthDay(), gregorianDateTime->hour(), gregorianDateTime->minute(), gregorianDateTime->second(), ms);

memcpy(buf, buffer, charactersWritten);

ASSERT(charactersWritten > 0 && static_cast<unsigned>(charactersWritten) < sizeof(buffer));
if (static_cast<unsigned>(charactersWritten) >= sizeof(buffer))
if (!std::isfinite(now))
return -1;

return charactersWritten;
return static_cast<int>(Bun::toISOString(vm, now, buf));
}

#pragma mark - WebCore::DOMFormData
Expand Down
2 changes: 1 addition & 1 deletion src/s3/credentials.zig
Original file line number Diff line number Diff line change
Expand Up @@ -347,7 +347,7 @@ pub const S3Credentials = struct {

fn getAMZDate(allocator: std.mem.Allocator) DateResult {
// We can also use Date.now() but would be slower and would add jsc dependency
// var buffer: [28]u8 = undefined;
// var buffer: jsc.JSValue.ISOStringBuffer = undefined;
// the code bellow is the same as new Date(Date.now()).toISOString()
// jsc.JSValue.getDateNowISOString(globalObject, &buffer);

Expand Down
36 changes: 28 additions & 8 deletions src/sql/postgres/PostgresRequest.zig
Original file line number Diff line number Diff line change
Expand Up @@ -151,14 +151,34 @@
},

else => {
const str = try String.fromJS(value, globalObject);
if (str.tag == .Dead) return error.OutOfMemory;
defer str.deref();
const slice = str.toUTF8WithoutRef(bun.default_allocator);
defer slice.deinit();
const l = try writer.length();
try writer.write(slice.slice());
try l.writeExcludingSelf();
// JS `Date` objects reach this branch whenever the server
// hasn't told us the parameter type is `.timestamp` /
// `.timestamptz` — e.g. under `prepare: false`, or on the
// first execution of a fresh prepared statement before
// Describe returns. `bun.String.fromJS(date)` would emit
// `Date.prototype.toString()` output (a locale-dependent
// string like "Mon Jan 15 2024 12:30:45 GMT+0000 ..."),
// which PostgreSQL rejects. Serialize as ISO 8601 instead.
// On failure propagate a bind error rather than falling
// back to the legacy text path — the fallback would just
// re-emit the same broken locale string.
if (value.isDate()) {
var iso_buf: JSValue.ISOStringBuffer = undefined;
const iso = value.toISOString(globalObject, &iso_buf);
if (iso.len == 0) return error.InvalidQueryBinding;

Check failure on line 168 in src/sql/postgres/PostgresRequest.zig

View check run for this annotation

Claude / Claude Code Review

InvalidQueryBinding mid-write leaves partial Bind bytes in connection write_buffer

The new `return error.InvalidQueryBinding` paths (here and in `types.date.fromJS`) fire *after* `writeBind` has already appended the 'B' tag, length placeholder, names, format codes, and prior parameter values to `connection.write_buffer` — and the catch blocks in `PostgresSQLConnection.advance()` never truncate `write_buffer` on failure. So a user who binds `new Date('bad')`, catches the rejection, and issues another query on the same connection will have that query's bytes appended after a par
Comment thread
robobun marked this conversation as resolved.
const l = try writer.length();
try writer.write(iso);
try l.writeExcludingSelf();
} else {
const str = try String.fromJS(value, globalObject);
if (str.tag == .Dead) return error.OutOfMemory;
defer str.deref();
const slice = str.toUTF8WithoutRef(bun.default_allocator);
defer slice.deinit();
const l = try writer.length();
try writer.write(slice.slice());
try l.writeExcludingSelf();
Comment thread
robobun marked this conversation as resolved.
}
},
}
Comment thread
robobun marked this conversation as resolved.
}
Comment thread
robobun marked this conversation as resolved.
Expand Down
11 changes: 10 additions & 1 deletion src/sql/postgres/types/date.zig
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
return (double_microseconds / std.time.us_per_ms) + POSTGRES_EPOCH_DATE;
}

pub fn fromJS(globalObject: *jsc.JSGlobalObject, value: JSValue) bun.JSError!i64 {
pub fn fromJS(globalObject: *jsc.JSGlobalObject, value: JSValue) AnyPostgresError!i64 {
const double_value = if (value.isDate())
value.getUnixTimestamp()
else if (value.isNumber())
Expand All @@ -22,6 +22,14 @@
break :brk try str.parseDate(globalObject);
} else return 0;

// `@intFromFloat` on a non-finite value is Illegal Behavior. Invalid
// `Date` objects (e.g. `new Date("bad")` / `new Date(NaN)`) are real
// `DateInstance`s whose internal value is NaN, so `getUnixTimestamp()`
// — and likewise `parseDate` on a bad string or `asNumber` on `NaN` —
// can return NaN / ±Infinity here. The text path (`toISOString`) already
// rejects these via `std::isfinite`; mirror that for the binary path.
if (!std.math.isFinite(double_value)) return error.InvalidQueryBinding;

Check notice on line 31 in src/sql/postgres/types/date.zig

View check run for this annotation

Claude / Claude Code Review

Pre-existing: MySQL DateTime.fromJS / Time.fromJS have the same unguarded @intFromFloat(NaN) bug

Pre-existing (not introduced by this PR, follow-up only): the same `@intFromFloat(NaN)` bug this guard fixes also exists, unguarded, in the MySQL driver — `src/sql/mysql/MySQLTypes.zig` `DateTime.fromJS` (lines 643–656) and `Time.fromJS` (lines 670–684) call `getUnixTimestamp()` / `asNumber()` and pass the result straight to `@intFromFloat` with no `std.math.isFinite` check, so binding `new Date('bad')` / `NaN` / `Infinity` triggers Zig Illegal Behavior (panic in safe builds, UB in release). Wor
Comment thread
robobun marked this conversation as resolved.

const unix_timestamp: i64 = @intFromFloat(double_value);
return (unix_timestamp - POSTGRES_EPOCH_DATE) * std.time.us_per_ms;
}
Expand All @@ -46,6 +54,7 @@

const bun = @import("bun");
const std = @import("std");
const AnyPostgresError = @import("../AnyPostgresError.zig").AnyPostgresError;
const Data = @import("../../shared/Data.zig").Data;

const int_types = @import("./int_types.zig");
Expand Down
181 changes: 181 additions & 0 deletions test/regression/issue/29010.test.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,181 @@
// Regression test for https://github.com/oven-sh/bun/issues/29010
//
// Bun.SQL must serialize JavaScript `Date` parameters as ISO 8601 / RFC 3339
// (`Date.prototype.toISOString()`), not the locale-dependent output of
// `Date.prototype.toString()`. PostgreSQL-compatible databases reject the
// latter (`"Mon Jan 15 2024 12:30:45 GMT+0000 (Coordinated Universal Time)"`)
// with an "invalid input syntax for type timestamp" error.
//
// The bug was specific to text-format serialization: with `prepare: false`
// (and more generally whenever the parameter type tag is 0 / server-decided),
// `writeBind` fell through to `bun.String.fromJS(value)`, which returns the
// JS `toString()` representation. The binary-format path for
// `.timestamp` / `.timestamptz` was already correct because it goes through
// `types.date.fromJS` → `getUnixTimestamp()`.

import { SQL } from "bun";
import { describe, expect, test } from "bun:test";
import * as dockerCompose from "../../docker/index.ts";

// Resolve a reachable PostgreSQL instance. Prefer the docker-compose
// `postgres_plain` service (what CI uses); fall back to a local
// PostgreSQL listening on 127.0.0.1:5432 with the same credentials
// as the init script (`bun_sql_test` / `bun_sql_test`).
//
// This test is a *consumer* of the shared `bun-test-services` compose
// project — it must never call `dockerCompose.down()`, because that
// would tear down every service in the project and break other suites
// running concurrently against postgres_tls / mysql_* / redis_* / etc.
async function resolvePostgres(): Promise<{ host: string; port: number } | null> {
try {
const info = await dockerCompose.ensure("postgres_plain");
return { host: info.host, port: info.ports[5432] };
} catch {}

try {
await using probe = new SQL({
host: "127.0.0.1",
port: 5432,
username: "bun_sql_test",
db: "bun_sql_test",
max: 1,
idleTimeout: 1,
connectionTimeout: 2,
});
await probe`SELECT 1`;
return { host: "127.0.0.1", port: 5432 };
} catch {}

return null;
}

describe("issue #29010 — Date parameters serialize as ISO 8601", async () => {
const target = await resolvePostgres();
if (!target) {
test.skip("PostgreSQL not available", () => {});
return;
}

const baseOptions = {
db: "bun_sql_test",
username: "bun_sql_test",
host: target.host,
port: target.port,
max: 1,
};

// With `prepare: false` (unnamed prepared statements), parameter types
// are not learned from Describe responses, so the Bind message sends
// parameters in text format with the server-decided type. This is where
// the bug lived: the fallthrough branch called `String.fromJS` on a
// `Date`, which produces the locale string rather than ISO 8601.
describe("prepare: false (text format, server-decided type)", () => {
const options = { ...baseOptions, prepare: false };
const t = new Date("2024-01-15T12:30:45.000Z");

test("Date in SELECT parameter does not produce a parse error", async () => {
await using db = new SQL(options);
// Casting to ::timestamptz forces the server to parse the parameter
// as a timestamp. The old locale-string serialization fails this
// parse with an "invalid input syntax for type timestamp" error.
const [{ x }] = await db`SELECT ${t}::timestamptz AS x`;
expect(x).toEqual(t);
});

test("Date in INSERT via sql(rows) does not produce a parse error", async () => {
await using db = new SQL(options);
const table = `issue_29010_rows_${Date.now()}`;
try {
await db`CREATE TABLE ${db(table)} (id SERIAL PRIMARY KEY, created_at TIMESTAMPTZ)`;
await db`INSERT INTO ${db(table)} ${db([{ created_at: t }])}`;
const rows = await db`SELECT created_at FROM ${db(table)}`;
expect(rows).toEqual([{ created_at: t }]);
} finally {
await db`DROP TABLE IF EXISTS ${db(table)}`;
}
});

test("Date in INSERT as a plain parameter does not produce a parse error", async () => {
await using db = new SQL(options);
const table = `issue_29010_param_${Date.now()}`;
try {
await db`CREATE TABLE ${db(table)} (id SERIAL PRIMARY KEY, created_at TIMESTAMPTZ)`;
await db`INSERT INTO ${db(table)} (created_at) VALUES (${t})`;
const rows = await db`SELECT created_at FROM ${db(table)}`;
expect(rows).toEqual([{ created_at: t }]);
} finally {
await db`DROP TABLE IF EXISTS ${db(table)}`;
}
});

test("Date with a timezone offset also round-trips as UTC", async () => {
// A Date constructed from a non-UTC ISO string is stored as a UTC
// instant. The serializer must emit the UTC instant with a trailing
// `Z`, not the local-time string that `toString()` would emit.
await using db = new SQL(options);
const localDate = new Date("2024-07-04T16:00:00.000-04:00"); // 20:00:00Z
const [{ x }] = await db`SELECT ${localDate}::timestamptz AS x`;
expect(x).toEqual(localDate);
});
});

// Sanity check: the default (prepared) path was already correct, make
// sure we didn't regress it. On the *first* execution of a prepared
// statement, `statement.parameters` is still empty (the server hasn't
// sent a ParameterDescription yet) so `writeBind` uses the ISO text
// path added in this change. On the *second* execution the cached OID
// (`timestamptz` = 1184) is present and `writeBind` takes the binary
// `types.date.fromJS` path. Exercise both.
describe("prepare: true", () => {
const options = { ...baseOptions, prepare: true };
const t = new Date("2024-01-15T12:30:45.000Z");

test("Date round-trips on first and subsequent executions", async () => {
await using db = new SQL(options);
// First execution: OID 0 (server-decided) → text-format ISO 8601.
const [{ x: first }] = await db`SELECT ${t}::timestamptz AS x`;
expect(first).toEqual(t);
// Second execution of the same prepared statement: OID 1184 →
// binary microseconds-since-2000 via `types.date.fromJS`.
const [{ x: second }] = await db`SELECT ${t}::timestamptz AS x`;
expect(second).toEqual(t);
});
});
Comment thread
claude[bot] marked this conversation as resolved.

// Invalid `Date` objects (`new Date(NaN)`, `new Date("bad")`) are real
// `DateInstance`s whose internal value is NaN. Both serialization paths
// must reject them cleanly rather than crashing or sending garbage:
// - text path: `toISOString()` returns "" for non-finite dates →
// `error.InvalidQueryBinding` in the new `writeBind` `else` branch.
// - binary path: `types.date.fromJS` previously did an unguarded
// `@intFromFloat(NaN)` (Illegal Behavior — panic in safe builds,
// silent UB in release). Now guarded with `std.math.isFinite`.
describe("invalid Date (NaN internal value)", () => {
const invalid = new Date("this is not a date");

test("prepare: false rejects with a bind error, not a server parse error", async () => {
await using db = new SQL({ ...baseOptions, prepare: false });
expect(invalid.getTime()).toBeNaN();
// `.execute()` returns a real Promise; the bare tagged-template
// query is a lazy thenable that `expect().rejects` won't drive.
await expect(db`SELECT ${invalid}::timestamptz AS x`.execute()).rejects.toThrow(
expect.objectContaining({ code: "ERR_POSTGRES_INVALID_QUERY_BINDING" }),
);
});

test("prepare: true binary path rejects without crashing", async () => {
await using db = new SQL({ ...baseOptions, prepare: true });
// Prime the statement so `statement.parameters` is populated with
// OID 1184 and the second execution takes the binary path.
const good = new Date("2024-01-15T12:30:45.000Z");
const [{ x }] = await db`SELECT ${good}::timestamptz AS x`;
expect(x).toEqual(good);
// Second execution with an invalid Date reaches `types.date.fromJS`,
// which must reject the non-finite timestamp rather than hitting
// `@intFromFloat(NaN)`.
await expect(db`SELECT ${invalid}::timestamptz AS x`.execute()).rejects.toThrow(
expect.objectContaining({ code: "ERR_POSTGRES_INVALID_QUERY_BINDING" }),
);
});
});
});
Loading