-
-
Notifications
You must be signed in to change notification settings - Fork 306
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: prevent possible overflow #1863
Conversation
Codecov Report
@@ Coverage Diff @@
## master #1863 +/- ##
==========================================
+ Coverage 92.32% 92.35% +0.03%
==========================================
Files 200 200
Lines 9390 9390
==========================================
+ Hits 8669 8672 +3
+ Misses 721 718 -3
Continue to review full report at Codecov.
|
@@ -1122,7 +1122,8 @@ sentrycrashobjc_ivarValue(const void *const objectPtr, int ivarIndex, void *dst) | |||
return false; | |||
} | |||
uintptr_t ivarPtr = (uintptr_t)&ivars->first; | |||
const struct ivar_t *ivar = (void *)(ivarPtr + ivars->entsizeAndFlags * (unsigned)ivarIndex); | |||
const struct ivar_t *ivar |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
m
: Can we add a test for that in SentryCrashObjC_Tests
please?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure how to construct a test case that would force the overflow condition. Did you have something in mind?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, now idea how to do this.
Opened a PR upstream: kstenerud/KSCrash#430. Will give maintainers there a while to comment before moving forward with this one, in case they point out anything we'd want to include here. |
It can be that it takes months until you get feedback @armcknight. I opened a simple PR on the first of April and didn't get any feedback yet, see kstenerud/KSCrash#427. |
My issue is open since February kstenerud/KSCrash#423 😂 |
https://github.com/getsentry/sentry-cocoa/security/code-scanning/1
#skip-changelog