Oracle Tuxedo has the Fboolev32
function for evaluating Boolean expressions in which the “variables” are the values of fields. The expressions are a subset of the C programming language with a nice addition of regular expression match operators:
- expression %% expression yields a 1 if the first expression is fully matched by the second expression (the regular expression).
- expression !% expression yields a 1 if the first expression is not matched by the second expression.
Since expressions do not have a subscript operator for strings, regular expressions are used to match the prefix, postfix, or the nth character:
import tuxedo as t
t.Fboolev32({"TA_STATUS": "OK123"}, "TA_STATUS %% 'OK.*'")
These operators are something new to most developers and sometimes you get expressions like this one:
import tuxedo as t
t.Fboolev32({"TA_STATUS": "OK123"}, "TA_STATUS %! 'OK.*'")
What will be the result? A crash of your process!
Instead of the !%
operator, the developer typed in %!
which is parsed as two operators:
-
%
for the modulo operation -
!
for negation
What happens next is:
-
'OK.*'
is a non-empty string and evaluates to 1 -
!
negates 1 and evaluates to 0 -
TA_STATUS
is converted to a number, most likely a 0. But it does not matter -
0 % 0
is division by 0 and we get aSIGFPE
signal deliver to the process
Most of the software out there does not have a SIGFPE
signal handler installed and crash:
>>> import tuxedo as t
>>> t.Fboolev32({"TA_STATUS": "OK123"}, "TA_STATUS %! 'OK.*'")
Floating-point exception
Now image if those Boolean expressions were written by the user… If you use Boolean expressions in your Oracle Tuxedo application, remember to install the SIGFPE
handler.
Top comments (0)