
fix(core): harden writer and node growth paths against integer overflow #120

Open
ngoyal88 wants to merge 2 commits into ludocode:develop from ngoyal88:develop

Conversation

@ngoyal88 ngoyal88 commented Apr 25, 2026

PR Description

Summary

  • Add overflow checks to growable writer resize logic in src/mpack/mpack-writer.c.
  • Add overflow-safe arithmetic checks in tree parsing and node page allocation logic in src/mpack/mpack-node.c.
  • Preserve existing behavior for normal inputs; fail deterministically on unrepresentable sizes.

Problem

Both writer growth and node parsing/allocation paths used unchecked size_t arithmetic in boundary-sensitive code.
With extreme input sizes, this can cause wraparound and lead to incorrect bounds decisions, allocation-size corruption, or non-terminating growth behavior.

Changes

src/mpack/mpack-writer.c

  • Guard used + count before growth computations.
  • Saturate doubling growth to avoid multiplication overflow.
  • Return mpack_error_memory when growth target is not representable.

src/mpack/mpack-node.c

  • Replace overflow-prone checks using direct addition with subtraction-based guards.
  • Add checked logic for node_count + total against max_nodes.
  • Add checked allocation-size calculation for child page allocation (total - 1 multiplier path).

Validation

  • Control-size scenarios behave unchanged.
  • Large boundary probes now fail fast and safely instead of depending on wrapped arithmetic.

Risk

Low. Changes are localized, minimal, and only affect overflow-edge arithmetic and error handling paths.
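The checks listed above, written out as a constructed example (this is not MPack's code and does not reproduce the PR's diff): the writer-side `used + count` guard and saturating doubling, and the node-side `node_count + total` and `(total - 1) * node_size` guards, each expressed as a subtraction or division against `SIZE_MAX` so that no intermediate can wrap. The function names, the `node_size` parameter and the "saturate at `needed`" choice are assumptions of the example; MPack's real routines return error codes rather than `bool`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed example, not MPack's code. false stands for the error MPack
 * would report (mpack_error_memory in the writer, mpack_error_too_big in the
 * tree). Every guard is a subtraction/division against SIZE_MAX, never a sum. */

/* Writer growth: capacity needed for `count` more bytes after `used` bytes. */
bool checked_growth_target(size_t capacity, size_t used, size_t count,
                           size_t *new_capacity) {
    /* used + count > SIZE_MAX, tested without computing the wrapping sum */
    if (count > SIZE_MAX - used)
        return false;
    size_t needed = used + count;
    if (needed <= capacity) {
        *new_capacity = capacity;  /* no growth required */
        return true;
    }
    /* Double until large enough; if doubling would wrap, saturate at `needed`
     * (known representable) rather than looping on a wrapped value. */
    size_t grown = capacity ? capacity : 1;
    while (grown < needed) {
        if (grown > SIZE_MAX / 2) {
            grown = needed;
            break;
        }
        grown *= 2;
    }
    *new_capacity = grown;
    return true;
}

/* Node accounting: may `total` more nodes fit under `max_nodes`, and how many
 * bytes does a child page of (total - 1) nodes of `node_size` bytes need? */
bool checked_child_page_bytes(size_t node_count, size_t total, size_t max_nodes,
                              size_t node_size, size_t *page_bytes) {
    /* node_count + total > max_nodes, rewritten as a subtraction guard */
    if (node_count > max_nodes || total > max_nodes - node_count)
        return false;
    if (total == 0)
        return false;  /* no children, nothing to allocate */
    size_t n = total - 1;
    /* n * node_size > SIZE_MAX, tested by division instead of multiplying */
    if (node_size != 0 && n > SIZE_MAX / node_size)
        return false;
    *page_bytes = n * node_size;
    return true;
}
```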

Guard `used + count` and resize doubling arithmetic in `mpack_growable_writer_flush()` to prevent `size_t` wraparound. Return `mpack_error_memory` on unrepresentable growth requests instead of entering unsafe/non-terminating resize behavior.
…ation

Prevent `size_t` wraparound in tree parsing/accounting paths by validating arithmetic before use:
- guard `data_length + bytes` checks in reserve/growth logic
- guard `node_count + total` against max node limit overflow
- guard dynamic page allocation size computation for child nodes
Fail safely with existing MPack error paths (`mpack_error_too_big` / `mpack_error_memory`) instead of relying on wrapped arithmetic.
@ngoyal88 changed the title from "fix(writer): harden growable buffer resize overflow checks" to "fix(core): harden writer and node growth paths against integer overflow" on Apr 25, 2026