Skip to content

Commit c1efce1

Browse files
CopilotEgorBoCopilot
authored
Use checked context for memcpy's like API invocations (#125759)
Validate that the length passed to `Buffer.MemoryCopy`, `Buffer.BlockCopy`, and `Unsafe.Copy*` doesn't silently overflow. <!-- START COPILOT CODING AGENT SUFFIX --> Created from Copilot CLI via the copilot delegate command. <!-- START COPILOT CODING AGENT TIPS --> --- 🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. [Learn more about Advanced Security.](https://gh.io/cca-advanced-security) --------- Co-authored-by: EgorBo <egorbo@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent 5220584 commit c1efce1

4 files changed

Lines changed: 9 additions & 8 deletions

File tree

src/libraries/System.Private.CoreLib/src/System/Diagnostics/Tracing/TraceLogging/DataCollector.cs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -194,7 +194,7 @@ internal void AddArray(Array? value, int length, int itemSize)
194194
length = ushort.MaxValue;
195195
}
196196

197-
int size = length * itemSize;
197+
int size = checked(length * itemSize);
198198
if (this.bufferNesting != 0)
199199
{
200200
this.EnsureBuffer(size + 2);

src/libraries/System.Private.CoreLib/src/System/Diagnostics/Tracing/TraceLogging/FieldMetadata.cs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -206,6 +206,7 @@ public void Encode(ref int pos, byte[]? metadata)
206206
if (metadata != null)
207207
{
208208
Debug.Assert(custom != null);
209+
Debug.Assert(pos >= 0 && this.fixedCount >= 0 && pos <= metadata.Length - this.fixedCount);
209210
Buffer.BlockCopy(custom, 0, metadata, pos, this.fixedCount);
210211
}
211212
pos += this.fixedCount;

src/libraries/System.Private.CoreLib/src/System/Security/SecureString.cs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -441,6 +441,8 @@ internal static unsafe void Copy(UnmanagedBuffer source, UnmanagedBuffer destina
441441
return;
442442
}
443443

444+
Debug.Assert(bytesLength <= destination.ByteLength);
445+
444446
byte* srcPtr = null, dstPtr = null;
445447
try
446448
{

src/libraries/System.Runtime.InteropServices.JavaScript/src/System/Runtime/InteropServices/JavaScript/JSHostImplementation.cs

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -109,25 +109,23 @@ public static async Task<JSObject> CancellationHelper(Task<JSObject> jsTask, Can
109109
public static unsafe JSFunctionBinding GetMethodSignature(ReadOnlySpan<JSMarshalerType> types, string? functionName, string? moduleName)
110110
{
111111
int argsCount = types.Length - 1;
112-
int size = JSFunctionBinding.JSBindingHeader.JSMarshalerSignatureHeaderSize + ((argsCount + 2) * sizeof(JSFunctionBinding.JSBindingType));
112+
int size = checked(JSFunctionBinding.JSBindingHeader.JSMarshalerSignatureHeaderSize + ((argsCount + 2) * sizeof(JSFunctionBinding.JSBindingType)));
113113

114114
int functionNameBytes = 0;
115115
int functionNameOffset = 0;
116116
if (functionName != null)
117117
{
118118
functionNameOffset = size;
119-
size += 4;
120-
functionNameBytes = functionName.Length * 2;
121-
size += functionNameBytes;
119+
functionNameBytes = checked(functionName.Length * 2);
120+
size = checked(size + 4 + functionNameBytes);
122121
}
123122
int moduleNameBytes = 0;
124123
int moduleNameOffset = 0;
125124
if (moduleName != null)
126125
{
127126
moduleNameOffset = size;
128-
size += 4;
129-
moduleNameBytes = moduleName.Length * 2;
130-
size += moduleNameBytes;
127+
moduleNameBytes = checked(moduleName.Length * 2);
128+
size = checked(size + 4 + moduleNameBytes);
131129
}
132130

133131
// this is never unallocated

0 commit comments

Comments
 (0)