Describe the bug, including details regarding any error messages, version, and platform.
When we read an IPC message from an IPC file, we validate its associated body size against the amount required by the streaming decoder. However, we're currently only checking that the body size is large enough, not that it's exactly as expected.
An invalid IPC file might advertise a metaDataLength that's larger than the actual serialized Flatbuffers payload. In that case, the associated body would start before the offset computed from the IPC file footer.
This was found by OSS-Fuzz in https://issues.oss-fuzz.com/issues/499567665
Component(s)
C++, Continuous Integration
Describe the bug, including details regarding any error messages, version, and platform.
When we read an IPC message from an IPC file, we validate its associated body size against the amount required by the streaming decoder. However, we're currently only checking that the body size is large enough, not that it's exactly as expected.
An invalid IPC file might advertise a
metaDataLengththat's larger than the actual serialized Flatbuffers payload. In that case, the associated body would start before the offset computed from the IPC file footer.This was found by OSS-Fuzz in https://issues.oss-fuzz.com/issues/499567665
Component(s)
C++, Continuous Integration