
Add bounds checking and validation for binary dictionary values#1083

Merged
BYVoid merged 2 commits into master from claude/fix-ocd2-buffer-overflow-2C0ie
Mar 30, 2026

Conversation

BYVoid (Owner) commented Mar 30, 2026

Summary

This change adds safety validation when reading serialized values from OpenCC binary dictionary files to prevent out-of-bounds memory access and ensure data integrity.

Key Changes

  • Added pValueBufferEnd pointer to track the end boundary of the value buffer
  • Added bounds checking to ensure numValueBytes doesn't exceed the remaining buffer space
  • Added null-termination validation to ensure each value string is properly terminated
  • Throws InvalidFormat exception with descriptive error messages when validation fails

Implementation Details

The validation occurs before dereferencing the value pointer, ensuring:

  1. The value size is non-zero
  2. The value offset plus size doesn't exceed the buffer bounds
  3. The value is null-terminated at the expected position

This prevents potential buffer overflows and data corruption when reading malformed or corrupted dictionary files.
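The three checks listed above, as an added C++ example that is not OpenCC's own code: the names pValueBuffer, pValueBufferEnd, numValueBytes and InvalidFormat follow the PR description, while the buffer layout (values stored back-to-back, each expected to end in a NUL byte, with sizes taken from a separate untrusted array) and the helper names ReadValue, DeserializeValues and TryDeserialize are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for OpenCC's InvalidFormat exception.
struct InvalidFormat : std::runtime_error {
  using std::runtime_error::runtime_error;
};

// Validate one serialized value before it is dereferenced and return the
// advanced buffer pointer. The checks mirror the PR description:
//   1. numValueBytes is non-zero
//   2. the value fits within [pValueBuffer, pValueBufferEnd)
//   3. the last byte of the value is the NUL terminator
static const char* ReadValue(const char* pValueBuffer,
                             const char* pValueBufferEnd,
                             std::uint32_t numValueBytes,
                             std::string& out) {
  if (numValueBytes == 0) {
    throw InvalidFormat("value size is zero");
  }
  // Compare against the remaining byte count instead of computing
  // pValueBuffer + numValueBytes, so an oversized length can never form a
  // pointer past the end of the allocation.
  const std::size_t remaining =
      static_cast<std::size_t>(pValueBufferEnd - pValueBuffer);
  if (numValueBytes > remaining) {
    throw InvalidFormat("value extends past end of value buffer");
  }
  if (pValueBuffer[numValueBytes - 1] != '\0') {
    throw InvalidFormat("value is not null-terminated at expected position");
  }
  // Safe now: a terminator is guaranteed inside the checked range.
  out.assign(pValueBuffer);
  return pValueBuffer + numValueBytes;
}

// Walk every value in the buffer. `sizes` plays the role of the untrusted
// numValueBytes array read from the file (assumed layout for this example).
std::vector<std::string> DeserializeValues(
    const std::vector<char>& valueBuffer,
    const std::vector<std::uint32_t>& sizes) {
  const char* p = valueBuffer.data();
  const char* const end = p + valueBuffer.size();  // pValueBufferEnd
  std::vector<std::string> values;
  for (std::uint32_t numValueBytes : sizes) {
    std::string value;
    p = ReadValue(p, end, numValueBytes, value);  // advances only after checks
    values.push_back(value);
  }
  return values;
}

// Convenience wrapper for callers that want a status instead of an exception:
// 0 = deserialized cleanly, 1 = rejected with InvalidFormat.
int TryDeserialize(const std::vector<char>& valueBuffer,
                   const std::vector<std::uint32_t>& sizes) {
  try {
    DeserializeValues(valueBuffer, sizes);
    return 0;
  } catch (const InvalidFormat&) {
    return 1;
  }
}

int main() {
  // Constructed sample: two values, "ab" and "cd", each NUL-terminated.
  const std::vector<char> buf = {'a', 'b', '\0', 'c', 'd', '\0'};
  std::cout << "well-formed:        " << TryDeserialize(buf, {3, 3}) << '\n';
  std::cout << "offset past end:    " << TryDeserialize(buf, {3, 4}) << '\n';
  std::cout << "not terminated:     " << TryDeserialize(buf, {2, 4}) << '\n';
  std::cout << "zero length:        " << TryDeserialize(buf, {0}) << '\n';
  std::cout << "cumulative overrun: " << TryDeserialize(buf, {3, 3, 3}) << '\n';
  return 0;
}
```

The five inputs in main correspond to the cases the PR's test commit lists: a well-formed file, an offset exceeding the buffer, a value not terminated within its claimed range, a zero-length numValueBytes, and cumulative offsets that overrun the buffer. Doing the bounds test on the remaining byte count rather than on a computed end pointer matters because pointer arithmetic that leaves the allocation is itself undefined behaviour in C++, so the comparison must happen before the pointer is formed.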

claude added 2 commits March 30, 2026 13:23

Add bounds checking for pValueBuffer advancement when parsing .ocd2
dictionary files. A crafted .ocd2 file with manipulated numValueBytes
values could cause reads past the end of the heap-allocated valueBuffer.

The fix validates that:
- numValueBytes is non-zero
- pValueBuffer + numValueBytes does not exceed the buffer end
- The value is properly null-terminated within the buffer

Fixes GHSA-q92m-gpfj-xgqv

https://claude.ai/code/session_019sH5KXruubuLydo2NNasNE

Tests craft binary .ocd2 files to verify that NewFromFile properly
rejects malformed input:
- Value offset exceeding buffer bounds
- Value not null-terminated within its claimed range
- Zero-length numValueBytes
- Cumulative offsets overflowing the buffer
- Sanity check that well-formed crafted files still deserialize correctly

https://claude.ai/code/session_019sH5KXruubuLydo2NNasNE
@BYVoid BYVoid self-assigned this Mar 30, 2026
BYVoid (Owner, Author) commented Mar 30, 2026

@codex review

@chatgpt-codex-connector commented

Codex Review: Didn't find any major issues. 🚀


@BYVoid BYVoid merged commit a8f8e49 into master Mar 30, 2026
31 of 32 checks passed