Skip to content

notification: Initialise message #1694

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 21, 2025
Merged

notification: Initialise message #1694

merged 1 commit into from
May 21, 2025

Conversation

@FintasticMan
Copy link
Member

@FintasticMan FintasticMan commented Mar 16, 2023
edited
Loading

Prevents reading uninitialised memory if notification gets cut off due to being more than 100 chars. The last character is assumed to be \0, but it is actually uninitialised.

@FintasticMan
notification: Initialise message
a7746d3 
Prevents reading uninitialised memory if notification gets cut off due
to being more than 100 chars. The last character is assumed to be \0, but
it is actually uninitialised.
@github-actions
Copy link

github-actions bot commented Mar 16, 2023

Build size and comparison to main:

Section Size Difference
text 406716B 80B
data 940B 0B
bss 53568B 0B

@FintasticMan FintasticMan added the maintenance Background work label Mar 16, 2023
@FintasticMan FintasticMan requested a review from a team March 16, 2023 21:27
@Riksu9000
Copy link
Contributor

Riksu9000 commented Mar 16, 2023

Can you show where and how this issue occurs, so we can verify it?

@FintasticMan
Copy link
Member Author

FintasticMan commented Mar 16, 2023

I don't think that this has ever caused an issue, but if a message gets sent to the watch with more than 100 chars, the first 100 are copied, where the last of those won't be a null-terminator. To solve that, the message array holds 101 chars, so that the last one will be a null-terminator. Except because it's not initialised, it is technically an indeterminate value unless explicitly written to.

This is just a memory safety change, and both AlertNotificationClient and AlertNotificationServer already explicitly add a trailing null-terminator (but I think they don't make use of that extra char stored in the array). We could instead trust that people writing code that sends notifications will remember to add the extra null-terminator if the message is too big.

@Riksu9000
Copy link
Contributor

Riksu9000 commented Mar 17, 2023

It would still be assuming that the struct is being used in the correct way. Someone could still fill the entire array. Maybe the public notification struct should use an std::string, which when pushing the notification would then be converted to a private format which uses a char array in a safe way.

@FintasticMan FintasticMan marked this pull request as draft June 17, 2023 17:04
@FintasticMan FintasticMan mentioned this pull request Oct 19, 2024
Merged
minacode
minacode approved these changes May 12, 2025
View reviewed changes
Copy link
Contributor

@minacode minacode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like it. It's simple, clean and more sane. Any more complex refactoring can be done a new PR, if needed.

Haven't tested it, but the code change is so minimal that I would be very surprised if this breaks something.

@NeroBurner NeroBurner added this to the 1.16.0 milestone May 12, 2025
@NeroBurner
Copy link
Contributor

NeroBurner commented May 12, 2025

I agree. Minimal code change resulting in a sane memory default. @FintasticMan could you update this PR to see if it is still applicable or if we changed it already in a similar way since then?

@JF002
Copy link
Collaborator

JF002 commented May 16, 2025
edited
Loading

I think this PR is still applicable. The implementation of AlertNotificationClient and AlertNotificationServer should ensure that the last character of the array is a \0 but this is still safer to initialize the content of the array correctly.

The conflict that appears when rebasing should be quite easy to fix, it seems to be caused by the order of the fields that changed since this change was originally made.

@JF002 JF002 merged commit 0880b08 into InfiniTimeOrg:main May 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JF002 JF002 JF002 approved these changes

@minacode minacode minacode approved these changes

Assignees

No one assigned

Labels

maintenance Background work

Projects

None yet

Milestone

1.16.0

Development

Successfully merging this pull request may close these issues.

5 participants

@FintasticMan @Riksu9000 @NeroBurner @JF002 @minacode