Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SegmentReader bugs #134

Merged
merged 2 commits into from
Sep 1, 2023
Merged

Fix SegmentReader bugs #134

merged 2 commits into from
Sep 1, 2023

Conversation

jonahbeckford
Copy link

There are two bugs, one for each of the two first commits:

  1. Support signed offsets for Structs and Lists pointers - without this change perfectly valid segments are rejected
  2. Word arithmetic should be used for bounds checking - without this change we have a safety violation

1 - Support signed offsets for Structs and Lists pointers

Both Structs and Lists support two's complement "Signed" offsets:

B (30 bits) = Offset, in words, from the end
of the pointer to the start of the struct's
data section. Signed.

B (30 bits) = Offset, in words, from the end
of the pointer to the start of the first
element of the list. Signed.

The prior code only supported positive offsets because it used the Java >>> operator, which is an unsigned shift operator. The Java >> operator is the signed shift operator.

Audited the remaining uses of the shift operator; they were correct and they are documented as such.

Positive offsets are only guaranteed in a Canonical message.

2 - Word arithmetic should be used for bounds checking

Prior to this change, the start index was treated as a byte index rather than a word index.

Jonah Beckford added 2 commits August 31, 2023 20:12
Use word arithmetic for SegmentReader
f7608be 
Prior to this change, the start index was treated as a byte index
rather than a word index.
Support signed offsets
c5c0fae 
Both Structs and Lists support two's complement "Signed" offsets:

> B (30 bits) = Offset, in words, from the end
> of the pointer to the start of the struct's
> data section.  Signed.

> B (30 bits) = Offset, in words, from the end
> of the pointer to the start of the first
> element of the list.  Signed.

The prior code only supported positive offsets
because it used the Java >>> operator, which
is an unsigned shift operator. The Java >>
operator is the signed shift operator.

Audited the remaining uses of the shift
operator; they were correct and they are
documented as such.

Positive offsets are only guaranteed in a Canonical message.
@dwrensha dwrensha merged commit 5ed5ec6 into capnproto:master Sep 1, 2023
1 check passed
@dwrensha
Copy link
Member

dwrensha commented Sep 1, 2023

Wow! Good catch!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonahbeckford @dwrensha