
security check: int32 with size_t mixed calc on memcpy parameter #35218

Open
DuanKuanJun wants to merge 3 commits into main from fix/TD-6713663608-MAIN-A
@DuanKuanJun
Contributor

Description

Issue(s)

  • Close/close/Fix/fix/Resolve/resolve: Issue Link

Checklist

Please check the items in the checklist if applicable.

  • Is the user manual updated?
  • Are the test cases passed and automated?
  • Is there no significant decrease in test coverage?

Copilot AI review requested due to automatic review settings April 23, 2026 07:34
@DuanKuanJun DuanKuanJun requested a review from localvar April 23, 2026 07:35
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces a bounds check in uvConnMayGetUserInfo to ensure the message length is sufficient before allocating memory for user information, preventing potential issues with len - offset. The reviewer suggested storing the calculated required length in a variable to improve code readability and eliminate redundant calculations.

Comment thread source/libs/transport/src/transSvr.c Outdated
Contributor

Copilot AI left a comment

Pull request overview

This PR hardens server-side transport message handling by validating packet length before extracting embedded user/token info, preventing unsafe size calculations during buffer copies.

Changes:

  • Add a minimum-length check when withUserInfo is set to ensure the message contains the required header + user/token bytes before copying.
  • Log an error and abort user-info extraction when the packet is too short.
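
The length check described in the reviews above, as an added example that is not part of this pull request and is not code from transSvr.c. The function names, `HDR_LEN`, `USER_LEN` and the packet layout are assumptions made for illustration; the point is the `int32_t` minus `size_t` conversion and the minimum-length check that prevents it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN  ((size_t)16)  /* hypothetical fixed header size */
#define USER_LEN ((size_t)24)  /* hypothetical user/token field size */

/* The unchecked expression: len is converted to size_t before the
 * subtraction, so a short packet wraps to a huge copy length. */
size_t unchecked_payload_len(int32_t len) {
    size_t offset = HDR_LEN + USER_LEN;
    return len - offset;
}

/* Hardened: compare len with the required minimum before any arithmetic.
 * Returns 0 and fills user/payload_len on success, -1 on a short packet. */
int extract_user_info(const uint8_t *msg, int32_t len,
                      uint8_t *user, size_t *payload_len) {
    size_t required = HDR_LEN + USER_LEN;  /* computed once, reused below */
    if (len < 0 || (size_t)len < required) {
        return -1;                         /* too short: abort extraction */
    }
    memcpy(user, msg + HDR_LEN, USER_LEN);
    *payload_len = (size_t)len - required; /* cannot wrap after the check */
    return 0;
}

int main(void) {
    uint8_t msg[64] = {0};                 /* constructed sample packet */
    uint8_t user[24];
    size_t payload = 0;
    memset(msg + HDR_LEN, 'u', USER_LEN);

    printf("unchecked length for len=10: %zu\n", unchecked_payload_len(10));
    printf("short packet -> %d\n", extract_user_info(msg, 10, user, &payload));
    int rc = extract_user_info(msg, 64, user, &payload);
    printf("valid packet -> %d, payload=%zu\n", rc, payload);
    return 0;
}
```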

Comment thread source/libs/transport/src/transSvr.c Outdated
Copilot AI review requested due to automatic review settings April 23, 2026 07:59
Contributor

Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.