
RDKEMW-15175: Prevent buffer overflow when binary data contains protocol delimiter bytes #415

Merged
goruklu merged 6 commits into rdkcentral:develop from ks734:topic/RDKEMW-12359, Mar 11, 2026


ks734 commented Mar 4, 2026

Description

  • processMessage(): add len < 0 guard that logs an error and returns -1, dropping the malformed message safely before any memcpy
  • processMessage(): change std::min<size_t> to std::min<ssize_t> to prevent silent unsigned wrap of negative length values
  • processLogData(): fix memmove(mMsgBuf, mMsgBuf, mMsgLen) no-op bug; correct source pointer to msgStart so consumed bytes are actually discarded from the buffer

Test Procedure

The crash is non-deterministic: it only occurs when the binary key bytes happen to contain a 0x1e or 0x1f byte.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Other (doesn't fit into the above categories - e.g. documentation updates)

Requires Bitbake Recipe changes?

  • The base Bitbake recipe (meta-rdk-ext/recipes-containers/dobby/dobby.bb) must be modified to support the changes in this PR (beyond updating SRC_REV)

Copilot AI review requested due to automatic review settings March 4, 2026 06:25

Copilot AI left a comment


Pull request overview

This PR hardens EthanLog message parsing to avoid memory corruption when binary/garbage data in the logging pipe contains delimiter bytes, and fixes a buffer-compaction bug so consumed bytes are actually removed from the receive buffer.

Changes:

  • Fix buffer compaction in processLogData() by memmoving from the correct source pointer after discarding preamble bytes.
  • Clarify/guard field handling to better tolerate malformed delimiter sequences.
  • Add a defensive length guard in processMessage() and avoid unsigned wrap by using std::min<ssize_t> when capping the message length.
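The two defects this PR describes (an unsigned cap applied to a possibly negative length, and a compaction memmove whose source equals its destination), shown side by side with the corrected forms. This is an added example, not the project's code: the function names and the kMaxMsgLen cap are hypothetical, and only msgStart is a name taken from the PR description.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <sys/types.h>  // ssize_t

// Hypothetical cap; the page does not state the project's real limit.
constexpr ssize_t kMaxMsgLen = 512;

// 'Before' shape: a negative length converted to size_t becomes huge, so the
// min() silently returns the cap and a later memcpy would trust it.
size_t cappedLenUnsigned(ssize_t len)
{
    return std::min<size_t>(static_cast<size_t>(len),
                            static_cast<size_t>(kMaxMsgLen));
}

// Hardened shape: reject negative lengths, then cap in signed arithmetic.
// Returns -1 so the caller can log and drop the malformed message.
ssize_t cappedLenSigned(ssize_t len)
{
    if (len < 0)
        return -1;
    return std::min<ssize_t>(len, kMaxMsgLen);
}

// 'Before' compaction: source == destination, so nothing is discarded.
size_t compactNoOp(char *buf, size_t bufLen, size_t /*consumed*/)
{
    std::memmove(buf, buf, bufLen);
    return bufLen;
}

// Fixed compaction: move the unconsumed tail (starting at msgStart) to the
// front of the buffer and return the new length.
size_t compact(char *buf, size_t bufLen, size_t consumed)
{
    consumed = std::min(consumed, bufLen);
    const char *msgStart = buf + consumed;
    const size_t remaining = bufLen - consumed;
    std::memmove(buf, msgStart, remaining);
    return remaining;
}
```

A length of -3 yields 512 from the unsigned cap but -1 from the guarded version, and only the fixed compaction shrinks the buffer.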


Copilot AI left a comment


Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.



goruklu previously approved these changes Mar 6, 2026
ks734 changed the title from "RDKEMW-12359: Prevent buffer overflow when binary data contains protocol delimiter bytes" to "RDKEMW-15175: Prevent buffer overflow when binary data contains protocol delimiter bytes" Mar 9, 2026
Copilot AI review requested due to automatic review settings March 10, 2026 08:38

Copilot AI left a comment


Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.



goruklu merged commit f782476 into rdkcentral:develop Mar 11, 2026
19 of 20 checks passed
github-actions bot locked and limited conversation to collaborators Mar 11, 2026