Fix cli vulnerabilities 3 (ydb-platform#16765) (ydb-platform#16863)

pnv1 · web-flow · commit cf62ce85075e · 2025-04-08T09:18:57.000+03:00
diff --git a/ydb/library/benchmarks/gen/tpcds-dbgen/tdefs.c b/ydb/library/benchmarks/gen/tpcds-dbgen/tdefs.c
@@ -172,21 +172,21 @@ getSimpleTdefsByNumber(int nTable)
 tdef *
 getTdefsByNumber(int nTable)
 {
-   if (is_set("UPDATE") && is_set("VALIDATE"))
+   if (is_set("UPDATE") && is_set("VALIDATE")
+      && nTable >= S_BRAND && (s_tdefs[nTable - S_BRAND].flags & FL_PASSTHRU))
    {
-      checkTdefsSize(nTable);
-      if (s_tdefs[nTable].flags & FL_PASSTHRU)
+      checkTdefsSize(nTable - S_BRAND);
+      int wtdefsIndex = -1;
+      switch(nTable)
       {
-         switch(nTable + S_BRAND)
-         {
-         case S_CATALOG_PAGE: nTable = CATALOG_PAGE; break;
-         case S_CUSTOMER_ADDRESS: nTable = CUSTOMER_ADDRESS; break;
-         case S_PROMOTION: nTable = PROMOTION; break;
-         }
+      case S_CATALOG_PAGE: wtdefsIndex = CATALOG_PAGE; break;
+      case S_CUSTOMER_ADDRESS: wtdefsIndex = CUSTOMER_ADDRESS; break;
+      case S_PROMOTION: wtdefsIndex = PROMOTION; break;
+      }
+      // Use w_tdefs only if we decreased the index
+      if (wtdefsIndex != -1) {
          return(&w_tdefs[nTable]);
       }
-      else
-         return(&s_tdefs[nTable]);
    }
 
    return(getSimpleTdefsByNumber(nTable));
diff --git a/ydb/library/benchmarks/gen/tpcds-dbgen/w_datetbl.c b/ydb/library/benchmarks/gen/tpcds-dbgen/w_datetbl.c
@@ -100,7 +100,7 @@ mk_w_date (void * row, ds_key_t index)
     mk_bkey(&r->d_date_id[0], nTemp, D_DATE_ID);
     jtodt (&temp_date, nTemp);
     r->d_year = temp_date.year;
-    r->d_dow = set_dow (&temp_date);
+    r->d_dow = set_dow (&temp_date) % 7;
     r->d_moy = temp_date.month;
     r->d_dom = temp_date.day;
     /* set the sequence counts; assumes that the date table starts on a year boundary */
@@ -113,10 +113,6 @@ mk_w_date (void * row, ds_key_t index)
     r->d_fy_year = r->d_year;
     r->d_fy_quarter_seq = r->d_quarter_seq;
     r->d_fy_week_seq = r->d_week_seq;
-    if (r->d_dow >= 7) {
-      INTERNAL("weekday_names array overflow");
-      exit(EXIT_FAILURE);
-    }
     r->d_day_name = weekday_names[r->d_dow + 1];
     dist_member (&r->d_holiday, "calendar", day_index, 8);
     if ((r->d_dow == 5) || (r->d_dow == 6))
@@ -281,7 +277,7 @@ vld_w_date(int nTable, ds_key_t kRow, int *Permutation)
     mk_bkey(&r->d_date_id[0], nTemp, D_DATE_ID);
     jtodt (&temp_date, nTemp);
     r->d_year = temp_date.year;
-    r->d_dow = set_dow (&temp_date);
+    r->d_dow = set_dow (&temp_date) % 7;
     r->d_moy = temp_date.month;
     r->d_dom = temp_date.day;
     /* set the sequence counts; assumes that the date table starts on a year boundary */
@@ -294,10 +290,6 @@ vld_w_date(int nTable, ds_key_t kRow, int *Permutation)
     r->d_fy_year = r->d_year;
     r->d_fy_quarter_seq = r->d_quarter_seq;
     r->d_fy_week_seq = r->d_week_seq;
-    if (r->d_dow >= 7) {
-      INTERNAL("weekday_names array overflow");
-      exit(EXIT_FAILURE);
-    }
     r->d_day_name = weekday_names[r->d_dow + 1];
     dist_member (&r->d_holiday, "calendar", day_index, 8);
     if ((r->d_dow == 5) || (r->d_dow == 6))
