LibIPC: Break from message parsing if whole message payload is not ready

Fixes the bug when we try to read message payload without checking if we
received enough bytes or file descriptors.
Aliaksandr Kalenik 2025-04-07 18:22:04 +02:00 committed by Alexander Kalenik
parent 1d9e226206
commit ac643aa392
Notes: github-actions[bot] 2025-04-07 18:26:57 +00:00
2 changed files with 7 additions and 1 deletions

@ -152,9 +152,13 @@ TransportSocket::ShouldShutdown TransportSocket::read_as_many_messages_as_possib
}
size_t index = 0;
while (index + sizeof(MessageHeader) < m_unprocessed_bytes.size()) {
while (index + sizeof(MessageHeader) <= m_unprocessed_bytes.size()) {
MessageHeader header;
memcpy(&header, m_unprocessed_bytes.data() + index, sizeof(MessageHeader));
if (header.size + sizeof(MessageHeader) > m_unprocessed_bytes.size() - index)
break;
if (header.fd_count > m_unprocessed_fds.size())
break;
Message message;
for (size_t i = 0; i < header.fd_count; ++i)
message.fds.append(m_unprocessed_fds.dequeue());
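Review bot: The new payload check `if (header.size + sizeof(MessageHeader) > m_unprocessed_bytes.size() - index)` adds the peer-supplied `header.size` to `sizeof(MessageHeader)` before comparing, so if `header.size` is as wide as `size_t`, a value near the maximum wraps and the check passes with too few bytes buffered. The loop condition already guarantees `index + sizeof(MessageHeader) <= m_unprocessed_bytes.size()`, so the subtraction form `header.size > m_unprocessed_bytes.size() - index - sizeof(MessageHeader)` cannot underflow and avoids the addition. Separately, both new `break`s wait for more data, and no upper bound on `header.size` or `header.fd_count` is visible in this hunk; if nothing outside it caps them, a peer that announces a very large size keeps the unprocessed buffer growing, so consider rejecting oversized headers rather than waiting. A short comment on why the loop bound moved from `<` to `<=` (a header with an empty payload that exactly fills the remaining bytes) would also help the next reader.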