Skip to content

harden bounds checks and layout size validation in providers#627

Open
jmestwa-coder wants to merge 1 commit into
apache:trunkfrom
jmestwa-coder:slotmem-harden-bounds-and-layout-safety
Open

harden bounds checks and layout size validation in providers#627
jmestwa-coder wants to merge 1 commit into
apache:trunkfrom
jmestwa-coder:slotmem-harden-bounds-and-layout-safety

Conversation

@jmestwa-coder

@jmestwa-coder jmestwa-coder commented Apr 5, 2026

Copy link
Copy Markdown

slotmem: consolidate layout size checks and fix remaining unchecked paths

Redone against trunk now that r1936268 (#626) covers the create/attach/get/put checks. Remaining changes:

  • Replace the slotmem_size_mul/slotmem_size_add call chains with a single slotmem_layout_sizes() helper so create/attach/store share one overflow-checked layout computation.
  • store_slotmem() still computed the persist size unchecked; use the helper and drop the persist file on failure.
  • get/put: reject NULL buffers with nonzero length and skip the memcpy for zero length.
  • slotmem_release() in the shm provider read inuse[id] in the log message before the id bounds check; only read it when id is valid.

@jmestwa-coder

Copy link
Copy Markdown
Author

any update?

@notroj

notroj commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator

This was pretty similar to #626 but I didn't read it first, sorry. Maybe I slightly prefer the code style in this one, would you be able to redo against trunk?

…aths

- replace slotmem_size_mul/slotmem_size_add with a single
  slotmem_layout_sizes() helper so create/attach/store share one
  overflow-checked layout computation
- store_slotmem: persist size was still computed unchecked; use the
  helper and drop the persist file on failure
- slotmem_get/put: reject NULL buffers with nonzero length and skip
  the memcpy for zero length
- slotmem_release (shm): log message read inuse[id] before the id
  bounds check; read it only when id is valid
@jmestwa-coder
jmestwa-coder force-pushed the slotmem-harden-bounds-and-layout-safety branch from f5f7ec6 to 167e87b Compare July 18, 2026 08:59
@jmestwa-coder

Copy link
Copy Markdown
Author

Done, redone against trunk. Since r1936268 already covers most of the original patch, this is now just the delta:

  • consolidated the size_mul/size_add call chains into a single slotmem_layout_sizes() helper shared by create/attach/store
  • store_slotmem() was still computing the persist size unchecked; it now uses the helper and drops the persist file on failure
  • get/put reject NULL buffers with nonzero length and skip the memcpy when the length is zero
  • the release log message read inuse[id] before the id bounds check in the shm provider; it now only reads it when id is valid

Both files build warning-free with clang, and I checked the helper against the old formulas: identical sizes for all valid inputs, EINVAL for the shapes that used to wrap.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants