Skip to content

fix: bail from client_input when input buffer reservation fails#36

Merged
tobez merged 2 commits into
mainfrom
client-input-reserve-buffer-check
Jul 9, 2026
Merged

fix: bail from client_input when input buffer reservation fails#36
tobez merged 2 commits into
mainfrom
client-input-reserve-buffer-check

Conversation

@tobez

@tobez tobez commented Jul 9, 2026

Copy link
Copy Markdown
Owner

What

client_input() fed freshly-read bytes into the connection's msgpack unpacker
without checking whether the buffer reservation succeeded. On an allocation
failure the reservation returns false, after which the code copied the read data
into a buffer that was never grown — a heap buffer overrun, reachable only under
memory exhaustion.

The read-and-feed logic is now factored into feed_client_unpacker(), which
reports a failed reservation instead of copying past the buffer. client_input()
tears the connection down via client_gone() on failure, matching how it already
handles EOF and peer resets.

Why

Under memory pressure a client connection should be dropped cleanly rather than
corrupting the daemon's heap. Surfaced during review of a since-rejected PR that
misdiagnosed the surrounding code but pointed at this real (if minor) gap.

Testing

  • New unit test in t/test_msgpack.c exercises feed_client_unpacker():
    a normal chunk feeds and parses; an impossibly large reservation returns
    -1 instead of overrunning (this case segfaulted before the fix).
  • make test — full suite passes (397 tests).
  • scan-build make — "No bugs found".

@tobez tobez merged commit 16d54ad into main Jul 9, 2026
3 checks passed
@tobez tobez deleted the client-input-reserve-buffer-check branch July 9, 2026 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant