From 150394bee16044cba1be837b4e7a07ac0ded6375 Mon Sep 17 00:00:00 2001
From: sikehish <hisham0502@gmail.com>
Date: Mon, 2 Dec 2024 23:11:00 +0530
Subject: [PATCH] casts.go: Added extra checks in builtinToNumber to reject
 NaN, Infinity, and Inf.

---
 topdown/casts.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/topdown/casts.go b/topdown/casts.go
index 94087d5edb6..f68a43b0f02 100644
--- a/topdown/casts.go
+++ b/topdown/casts.go
@@ -23,7 +23,11 @@ func builtinToNumber(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term
 	case ast.Number:
 		return iter(ast.NewTerm(a))
 	case ast.String:
-		_, err := strconv.ParseFloat(string(a), 64)
+		strValue := string(a)
+		if strValue == "Inf" || strValue == "Infinity" || strValue == "NaN" {
+			return builtins.NewOperandTypeErr(1, operands[0].Value, "valid number string")
+		}
+		_, err := strconv.ParseFloat(strValue, 64)
 		if err != nil {
 			return err
 		}