From dfd26951fe63b369a0d2c49edbe9fe4aaab69417 Mon Sep 17 00:00:00 2001
From: Marc Horowitz <mhorowitz@fb.com>
Date: Wed, 17 Jun 2015 11:06:45 -0700
Subject: [PATCH] Check array get for < 0

Summary: dynamic's integer type is signed, so make sure array indices
are not negative.

(See https://our.intern.facebook.com/intern/tasks/?t=7445055)

Reviewed By: @Gownta

Differential Revision: D2145689
---
 folly/dynamic.cpp          | 2 +-
 folly/test/DynamicTest.cpp | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/folly/dynamic.cpp b/folly/dynamic.cpp
index 26d17516..840c5f33 100644
--- a/folly/dynamic.cpp
+++ b/folly/dynamic.cpp
@@ -185,7 +185,7 @@ dynamic const& dynamic::at(dynamic const& idx) const {
     if (!idx.isInt()) {
       throw TypeError("int64", idx.type());
     }
-    if (idx >= parray->size()) {
+    if (idx < 0 || idx >= parray->size()) {
       throw std::out_of_range("out of range in dynamic array");
     }
     return (*parray)[idx.asInt()];
diff --git a/folly/test/DynamicTest.cpp b/folly/test/DynamicTest.cpp
index aa43c0a9..e471d021 100644
--- a/folly/test/DynamicTest.cpp
+++ b/folly/test/DynamicTest.cpp
@@ -157,6 +157,7 @@ TEST(Dynamic, ArrayBasics) {
   EXPECT_EQ(array.at(1), 2);
   EXPECT_EQ(array.at(2), 3);
 
+  EXPECT_ANY_THROW(array.at(-1));
   EXPECT_ANY_THROW(array.at(3));
 
   array.push_back("foo");
-- 
2.34.1