Validate timeout in ThreadHandle::join to prevent panic

ever0de · ever0de · commit 783cca6b02e6 · 2026-02-28T23:23:26.000+09:00
diff --git a/crates/vm/src/function/number.rs b/crates/vm/src/function/number.rs
@@ -219,9 +219,13 @@ impl TimeoutSeconds {
 
 impl TryFromObject for TimeoutSeconds {
     fn try_from_object(vm: &VirtualMachine, obj: PyObjectRef) -> PyResult<Self> {
-        super::Either::<f64, i64>::try_from_object(vm, obj).map(|e| match e {
-            super::Either::A(f) => Self { value: f },
-            super::Either::B(i) => Self { value: i as f64 },
-        })
+        let value = match super::Either::<f64, i64>::try_from_object(vm, obj)? {
+            super::Either::A(f) => f,
+            super::Either::B(i) => i as f64,
+        };
+        if value.is_nan() {
+            return Err(vm.new_value_error("Invalid value NaN (not a number)".to_owned()));
+        }
+        Ok(Self { value })
     }
 }
diff --git a/crates/vm/src/stdlib/thread.rs b/crates/vm/src/stdlib/thread.rs
@@ -79,15 +79,12 @@ pub(crate) mod _thread {
                     Ok(true)
                 }
                 true if timeout < 0.0 => {
-                    Err(vm.new_value_error("timeout value must be positive".to_owned()))
+                    Err(vm.new_value_error("timeout value must be a non-negative number".to_owned()))
                 }
                 true => {
-                    // modified from std::time::Duration::from_secs_f64 to avoid a panic.
-                    // TODO: put this in the Duration::try_from_object impl, maybe?
-                    let nanos = timeout * 1_000_000_000.0;
-                    if timeout > TIMEOUT_MAX as f64 || nanos < 0.0 || !nanos.is_finite() {
+                    if timeout > TIMEOUT_MAX {
                         return Err(vm.new_overflow_error(
-                            "timestamp too large to convert to Rust Duration".to_owned(),
+                            "timeout value is too large".to_owned(),
                         ));
                     }
 
@@ -1096,7 +1093,16 @@ pub(crate) mod _thread {
             let timeout_duration = match timeout.flatten() {
                 Some(t) => {
                     let secs = t.to_secs_f64();
-                    (secs >= 0.0).then(|| Duration::from_secs_f64(secs))
+                    if secs >= 0.0 {
+                        if secs > TIMEOUT_MAX {
+                            return Err(vm.new_overflow_error(
+                                "timeout value is too large".to_owned(),
+                            ));
+                        }
+                        Some(Duration::from_secs_f64(secs))
+                    } else {
+                        None
+                    }
                 }
                 _ => None,
             };
