
Guard against integer underflow on server-supplied message lengths #215

Merged
SeanTAllen merged 1 commit into main from issue-211-payload-size-bounds-check
Apr 14, 2026

Conversation

@SeanTAllen
Member

@SeanTAllen SeanTAllen commented Apr 14, 2026

Closes #211.

`USize` subtraction wraps. Bare `payload_size - N` arithmetic on server-declared lengths could produce huge values with consequences that aren't fully characterized — validate at the arithmetic site so the wrap surfaces as a protocol violation directly.

@ponylang-main ponylang-main added the discuss during sync Should be discussed during an upcoming sync label Apr 14, 2026
@SeanTAllen SeanTAllen changed the title Reject PostgreSQL messages with malformed length fields Guard against integer underflow on server-supplied message lengths Apr 14, 2026
@SeanTAllen SeanTAllen added the changelog - fixed Automatically add "Fixed" CHANGELOG entry on merge label Apr 14, 2026
@SeanTAllen SeanTAllen force-pushed the issue-211-payload-size-bounds-check branch from 537cbb9 to 3b15472 April 14, 2026 19:48
USize subtraction wraps. Bare `payload_size - N` arithmetic on
server-declared lengths could produce huge values with consequences
that aren't fully characterized — validate at the arithmetic site
so the wrap surfaces as a protocol violation directly.

Closes #211
@SeanTAllen SeanTAllen force-pushed the issue-211-payload-size-bounds-check branch from 3b15472 to ef18bb7 April 14, 2026 20:00
@SeanTAllen SeanTAllen merged commit e1318e2 into main Apr 14, 2026
9 checks passed
@SeanTAllen SeanTAllen deleted the issue-211-payload-size-bounds-check branch April 14, 2026 20:04
github-actions Bot pushed a commit that referenced this pull request Apr 14, 2026
@ponylang-main ponylang-main removed the discuss during sync Should be discussed during an upcoming sync label Apr 14, 2026
github-actions Bot pushed a commit that referenced this pull request Apr 14, 2026
SeanTAllen added a commit that referenced this pull request Apr 14, 2026
Companion to #211. On 32-bit `USize` targets a server-declared length
near `U32.max` could wrap `payload_size + 4 + 1` to a small value,
slipping a bogus zero-payload acknowledgement past the buffer-size
check. The fix is the same flavor as #215 — use partial arithmetic at
the site so the wrap surfaces as a protocol violation directly.

CI runs lp64, so the new test's ilp32 branch can't be exercised here;
the counterfactual was walked through analytically and is documented in
the test's docstring.

Closes #217.
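As an added illustration of the pattern described in both the PR description (the `payload_size - 4` underflow from #211) and the companion commit above (the `payload_size + 4 + 1` overflow on 32-bit `USize` from #217), here is the bare arithmetic beside the partial-arithmetic form. This is example code, not code from the ponylang postgres project; the `LengthCheck` primitive, its method names and the sample lengths are hypothetical.

```pony
// Added example, not code from the ponylang postgres project.
// Names (LengthCheck, its methods, the sample values) are hypothetical.
// Shows the bare USize arithmetic the PR and commit messages describe,
// beside the partial-arithmetic form that turns a wrap into an error.

primitive LengthCheck
  """
  A PostgreSQL backend message carries a 4-byte big-endian length field
  that counts itself but not the 1-byte message type tag. Everything
  below is derived from that server-declared value.
  """

  fun unchecked_payload_size(declared: U32): USize =>
    // Bare subtraction: for declared < 4 this wraps to a value near
    // USize.max_value() instead of failing. This is the #211 defect.
    declared.usize() - 4

  fun payload_size(declared: U32): USize ? =>
    // `-?` is partial: underflow raises an error at the arithmetic
    // site, so a declared length below 4 is rejected immediately.
    declared.usize() -? 4

  fun frame_size(declared: U32): USize ? =>
    // Bytes needed in the buffer for the whole message: payload plus
    // the 4-byte length field plus the 1-byte tag. `+?` raises on
    // overflow, which matters on 32-bit USize targets where a length
    // near U32.max_value() would otherwise wrap to a small number (#217).
    ((payload_size(declared)? +? 4) +? 1)

  fun has_full_message(buffered: USize, declared: U32): Bool ? =>
    // True when enough bytes have arrived; raises on any malformed length,
    // so a wrapped value can never pass the buffer-size comparison.
    buffered >= frame_size(declared)?

actor Main
  new create(env: Env) =>
    // Constructed sample lengths, not captured from a real server:
    // a normal 9-byte frame, the minimum (empty payload), a length too
    // small to contain itself, and a near-maximum value.
    let samples: Array[U32] = [9; 4; 2; U32.max_value()]
    for declared in samples.values() do
      let wrapped = LengthCheck.unchecked_payload_size(declared)
      try
        let payload = LengthCheck.payload_size(declared)?
        let frame = LengthCheck.frame_size(declared)?
        env.out.print("declared=" + declared.string() +
          " payload=" + payload.string() +
          " frame=" + frame.string() +
          " (bare subtraction gave " + wrapped.string() + ")")
      else
        env.out.print("declared=" + declared.string() +
          " rejected as protocol violation (bare subtraction gave " +
          wrapped.string() + ")")
      end
    end
```

Compile with `ponyc` and run the resulting binary. The declared length of 2 is the underflow case: the bare subtraction silently yields a value near `USize.max_value()`, while `-?` raises and the message is rejected. The `U32.max_value()` sample only trips `+?` on an ilp32 target; on lp64, as the commit message above notes for CI, `USize` is wide enough that the addition cannot wrap, so that branch has to be reasoned about rather than observed.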

Labels

changelog - fixed Automatically add "Fixed" CHANGELOG entry on merge

Development

Successfully merging this pull request may close these issues.

payload_size.usize() - 4 in _response_parser.pony subtracts without bounds check

2 participants