
fix: make C FFI more robust with respect to malformed input #5408

Merged
merged 3 commits into master from wolffcm/fix-cffi
Apr 12, 2023

Conversation

wolffcm

@wolffcm wolffcm commented Apr 11, 2023

An audit discovered a few places where we could be more rigorous about checking inputs for valid data. This PR addresses the issues and adds tests for them.

@wolffcm wolffcm requested a review from a team as a code owner April 11, 2023 23:43
@@ -123,12 +124,30 @@ pub unsafe extern "C" fn flux_parse(
cfname: *const c_char,
csrc: *const c_char,
) -> Box<ast::Package> {
let fname = String::from_utf8(CStr::from_ptr(cfname).to_bytes().to_vec()).unwrap();
let src = String::from_utf8(CStr::from_ptr(csrc).to_bytes().to_vec()).unwrap();
let fname = match String::from_utf8(CStr::from_ptr(cfname).to_bytes().to_vec()) {
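Review bot: the rewritten `fname` conversion still calls `CStr::from_ptr(cfname)` with no null check, and `csrc` is handled the same way; `CStr::from_ptr` requires a valid, non-null, NUL-terminated pointer, so a null argument from the C side is undefined behaviour rather than a reportable error. Add an explicit `if cfname.is_null() { ... }` guard (and the same for `csrc`) before the conversion. Also, because the signature still returns `Box<ast::Package>`, the `Err` arm of the new `match` (not visible in this excerpt) needs a way to surface the bad input that does not panic, since a panic must not unwind out of an `extern "C"` function; `CStr::to_str()` gives the same UTF-8 validation as a `Result` without the `to_bytes().to_vec()` copy.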


This error handling doesn't look super elegant, but a) it's only two occasions and b) I couldn't come up with something nicer.

@crepererum

BTW: another way to guard your FFI interfaces against all sorts of panics is catch_unwind. Just use it within the top-level FFI method, try to downcast the FFI payload to String and &'static str (both are possible) and create your FFI error type from that.

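The two ideas discussed in this thread, validating each C string argument with a `match` instead of `unwrap()` and wrapping the top-level FFI body in `catch_unwind` with the payload downcast to `String` and `&'static str`, combined in one added example. This is illustration written for this page, not Flux's code: `FfiError`, `example_parse`, `parse_checked`, `c_str_arg` and the panicking stand-in `parse_source` are all hypothetical names, and the status codes are an assumption.

```rust
use std::any::Any;
use std::ffi::{c_char, CStr};
use std::panic::{self, AssertUnwindSafe};

/// Error type handed back across the FFI boundary (hypothetical; not Flux's own).
#[derive(Debug, PartialEq)]
pub enum FfiError {
    NullPointer(&'static str),
    InvalidUtf8(&'static str),
    Panic(String),
}

/// Recover a message from a panic payload. `panic!("literal")` carries a
/// `&'static str`; `panic!("{}", x)` carries a `String`; anything else is opaque.
fn panic_message(payload: Box<dyn Any + Send>) -> String {
    if let Some(s) = payload.downcast_ref::<String>() {
        s.clone()
    } else if let Some(s) = payload.downcast_ref::<&'static str>() {
        (*s).to_string()
    } else {
        "non-string panic payload".to_string()
    }
}

/// Borrow a C string as `&str`, rejecting null and non-UTF-8 input instead of
/// unwrapping. `CStr::to_str` validates UTF-8 in place, so no copy is needed.
unsafe fn c_str_arg<'a>(ptr: *const c_char, name: &'static str) -> Result<&'a str, FfiError> {
    if ptr.is_null() {
        return Err(FfiError::NullPointer(name));
    }
    // SAFETY: the caller promises `ptr` is NUL-terminated and outlives the borrow;
    // null-ness is the only property that can be checked here.
    let cstr = unsafe { CStr::from_ptr(ptr) };
    cstr.to_str().map_err(|_| FfiError::InvalidUtf8(name))
}

/// Stand-in for the real parser (assumption, not Flux's parser). It panics on one
/// input to simulate an internal bug that must not escape through `extern "C"`.
fn parse_source(fname: &str, src: &str) -> usize {
    if src.contains("boom") {
        panic!("internal parser failure in {fname}");
    }
    src.lines().count()
}

/// Validate both arguments, then run the parser under `catch_unwind` so a panic
/// becomes `FfiError::Panic` rather than an unwind across the C boundary.
pub unsafe fn parse_checked(cfname: *const c_char, csrc: *const c_char) -> Result<usize, FfiError> {
    let fname = unsafe { c_str_arg(cfname, "fname")? };
    let src = unsafe { c_str_arg(csrc, "src")? };
    panic::catch_unwind(AssertUnwindSafe(|| parse_source(fname, src)))
        .map_err(|payload| FfiError::Panic(panic_message(payload)))
}

/// C-callable wrapper: 0 = ok (line count written to `out_lines`), 1 = null
/// argument, 2 = invalid UTF-8, 3 = caught panic. A real export would also carry
/// `#[no_mangle]` and expose the error message; both are omitted here.
pub unsafe extern "C" fn example_parse(
    cfname: *const c_char,
    csrc: *const c_char,
    out_lines: *mut usize,
) -> i32 {
    match unsafe { parse_checked(cfname, csrc) } {
        Ok(n) => {
            if !out_lines.is_null() {
                unsafe { *out_lines = n };
            }
            0
        }
        Err(FfiError::NullPointer(_)) => 1,
        Err(FfiError::InvalidUtf8(_)) => 2,
        Err(FfiError::Panic(_)) => 3,
    }
}
```

The null check has to come first: `CStr::from_ptr` cannot detect a null pointer, and the UTF-8 check only runs once a `CStr` exists. `catch_unwind` sits in the outermost function only, so every code path reached from C, including the argument conversion itself, is covered once.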
@wolffcm wolffcm merged commit 776751a into master Apr 12, 2023
@wolffcm wolffcm deleted the wolffcm/fix-cffi branch April 12, 2023 17:04