miantalha45 opened a new pull request, #3629:
URL: https://github.com/apache/fory/pull/3629

   ## Why
   
   This PR fixes two out-of-bounds bugs in the Dart runtime that were caused by trusting integer values read directly from the wire.
   
   A malformed payload can provide an invalid reference id or meta-string index, which currently leads to a `RangeError` instead of a controlled failure. In a server environment, this can be used as a denial-of-service vector by crashing the Dart process with a single crafted packet.
   
   ## What does this PR do?
   
   Bounds checking in `RefReader`:
   - Added range validation before reading or resolving a ref id.
   - This prevents out-of-bounds access when a malicious payload supplies a ref id larger than the current reference table.
   
   Bounds checking in `MetaStringReader`:
   - Added range validation before resolving a dynamic meta-string reference.
   - This prevents negative or out-of-range indexing when the header encodes an invalid reference.
   
   Security and regression tests:
   - Added focused tests for the malformed ref-id and meta-string-reference cases.
   - Added coverage for valid boundary cases to make sure normal edge values still work correctly.
   
   ## Related issues
   Closes #3627
   
   ## AI Contribution Checklist
   
   
   
   - [ ] Substantial AI assistance was used in this PR: `yes` / `no`
   - [ ] If `yes`, I included a completed [AI Contribution Checklist](https://github.com/apache/fory/blob/main/AI_POLICY.md#9-contributor-checklist-for-ai-assisted-prs) in this PR description and the required `AI Usage Disclosure`.
   - [ ] If `yes`, my PR description includes the required `ai_review` summary and screenshot evidence of the final clean AI review results from both fresh reviewers on the current PR diff or current HEAD after the latest code changes.
   
   
   
   ## Does this PR introduce any user-facing change?
   
   
   
   - [ ] Does this PR introduce any public API change?
   - [ ] Does this PR introduce any binary protocol compatibility change?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
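
The ref-id range validation described in the pull request above, as an added example that is not code from the PR or from the Fory project. `RefTable`, `MalformedPayloadException`, `readRef` and the 4-byte little-endian framing are hypothetical names and assumptions chosen for illustration.

```dart
import 'dart:typed_data';

// Added example; every name here is hypothetical, not Fory's API.
// Implements Exception so `on Exception` handlers catch it; Dart's
// RangeError is an Error and is not caught by such handlers.
class MalformedPayloadException implements Exception {
  final String message;
  MalformedPayloadException(this.message);
  @override
  String toString() => 'MalformedPayloadException: $message';
}

class RefTable {
  final List<Object?> _refs = [];

  void add(Object? value) => _refs.add(value);

  // "Before": the wire-supplied value indexes the list directly.
  Object? resolveUnchecked(int refId) => _refs[refId];

  // "After": validate against the current table size first.
  Object? resolve(int refId) {
    if (refId < 0 || refId >= _refs.length) {
      throw MalformedPayloadException(
          'ref id $refId outside table of ${_refs.length} entries');
    }
    return _refs[refId];
  }
}

// Reads a 4-byte little-endian ref id (constructed framing, an assumption).
Object? readRef(ByteData payload, RefTable table) {
  if (payload.lengthInBytes < 4) {
    throw MalformedPayloadException('truncated ref id');
  }
  return table.resolve(payload.getInt32(0, Endian.little));
}

void main() {
  final table = RefTable()..add('a')..add('b');
  // Constructed inputs: both valid boundaries, one past the end, negative.
  for (final id in [0, 1, 2, -1]) {
    final payload = ByteData(4)..setInt32(0, id, Endian.little);
    try {
      print('ref $id -> ${readRef(payload, table)}');
    } on MalformedPayloadException catch (e) {
      print('ref $id -> rejected: $e');
    }
  }
}
```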

