Vendor #3
Draft
Vendor #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This should help detect errors such as invalid pointer in decoded structure.
This is actually fully defined behavior, but it still makes sense to cast here.
This stops ridicuously large mallocs from getting through on length-limited streams or buffers. Typically you should also override realloc() to limit allocation size yourself if dealing with untrusted data in pointer mode, but this at least limits the potential denial-of-service attacks.
Gives about 15% stack usage reduction.
Seems to be somehow environment dependent, as it only crashes with "Invalid argument" when run from the Jenkins job.
For Bazel build system support.
This regression was caused by commit edf6dcb. Added test coverage for it now.
…anopb#645) Comments from .proto file are now included automatically when .proto file is passed directly to nanopb_generator.py, and also when using protoc --nanopb_out=. When using --descriptor_out=, --include_source_info will need to be added to protoc command line. Added a simple test case for the comment generation.
…anopb#645) The old python-protobuf library didn't have __str__() handler for repeated fields, so have to convert to list() first.
…nanopb#617) Previous fix in commit ee1aff9 was incorrect. The descriptor array should be kept ordered and generator is now fixed to do so.
This partially reverts commit ee1aff9. Trying to handle the issue in pb_common.c is misguided. The generator has now been fixed to keep the descriptor array in sorted order.
Nanopb would call free() or realloc() on an invalid (attacker controlled) pointer value when all the following conditions are true: - PB_ENABLE_MALLOC is defined at the compile time - Message definition contains an oneof field, and the oneof contains at least one pointer type field and at least one non-pointer type field. - Data being decoded first contains a non-pointer value for the oneof field, and later contains an overwriting pointer value. Depending on message layout, the bug may not be exploitable in all cases, but it is known to be exploitable at least with string and bytes fields. Actual security impact will also depend on the heap implementation used.
Previously added static_message member of the oneof had the shortcoming that the first member of the submessage was also a pointer. So when it aliased with a pointer to a message, it was still a valid NULL pointer.
Also reorganized the script so that poetry build happens in a separate build folder instead of polluting the working tree. Including the generated file is a bit of a hack, but better than the alternative of it not working when installed system-wide.
This is related to the fallback logic that is used for encoded size calculations when dependent files cannot be found at generation time. Cache union and size definitions before writing it to file. Group entries under same cpp_guard in dictionary. Duplicated entries will be ignored due to set ignoring new entries. After that convert set to list and sort it. It prevents mess when regenerating files. Implementation by Jakub Tymejczyk in pull request nanopb#648, slightly modified for brevity.
shreyasbharath
approved these changes
Mar 23, 2021
|
It'd be nice to use the third party repo as is without creating our own repo? If we fix that generation problem and submit it upstream, we can get rid of this repo. |
We would if it worked out of the box, maybe it does now |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The files are being generated in the wrong place (not in halter/xxx), we had a fix for this in our version that we'll need to bring in (or find out how to do it properly). Without this we get (for example)
notifications.h
but the files aren't in the halter/ directory because it seems to ignore the package name when generating the path