-
-
Notifications
You must be signed in to change notification settings - Fork 410
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing index check on desc_table array access in runtime deserialization pony_deserialise_offset #4297
Comments
We don't have any good way to deal with errors of this sort in the serialization of this sort. Some investigation of what we should do when we get unexpected values. Serialization was written for "totally trusted/may segfault". We probably want to throw an error but we need to verify that we are always good for doing it. |
What probably needs to happen for the error case is to call the "throw fn" passed to serialise_cleanup(ctx);
ctx->serialise_throw();
abort(); |
Inside
pony_deserialise_offset
, If no type is defined for the deserialisation, the type is read from the serialized stream:ponyc/src/libponyrt/gc/serialise.c
Lines 281 to 282 in b1fe1a0
The index
id
should be validated to be lower than the value ofdesc_table_size
.Note:
The text was updated successfully, but these errors were encountered: