Skip to content

Mitigate an out-of-bounds memory read #4590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 15, 2022
Merged

Mitigate an out-of-bounds memory read #4590

merged 1 commit into from
Jun 15, 2022

Conversation

glessard
Copy link
Contributor

Mitigate an oob memory read issue due to pointer conversion, by

  • adding overloads for String.init?(cString:encoding:) and String.init?(utf8String:)
  • enforcing null-termination precondition when possible
  • adding advisory deprecations for the obviously fixable cases
  • clarifying the null-termination precondition in doc-comments

A similar issue was resolved in the standard library in swiftlang/swift#42002

addresses rdar://93255079

glessard
glessard commented May 13, 2022
View reviewed changes
Sources/Foundation/NSStringAPI.swift
@@ -20,7 +20,7 @@
// This file is shared between two projects:
//
// 1. https://github.com/apple/swift/tree/master/stdlib/public/Darwin/Foundation
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is no longer the case. What should we say instead?

@glessard glessard requested a review from spevans May 13, 2022 21:10
@glessard
Copy link
Contributor Author

@swift-ci please test

@glessard glessard marked this pull request as ready for review May 15, 2022 08:00
@glessard glessard requested a review from millenomi May 15, 2022 08:00
@glessard
Copy link
Contributor Author

@swift-ci please test

@glessard
Mitigate out-of-bounds memory read
d8af9b6 
Mitigate an oob memory read issue due to pointer conversion, by
- adding overloads for `String.init?(cString:encoding:)` and `String.init?(utf8String:)`
- enforcing null-termination precondition when possible
- adding advisory deprecations for the obviously fixable cases
- clarifying the null-termination precondition in doc-comments

addresses rdar://93255079
@glessard
Copy link
Contributor Author

Squashed to a single commit…

@glessard
Copy link
Contributor Author

@swift-ci please test

@glessard glessard mentioned this pull request Jun 1, 2022
Merged
@millenomi millenomi merged commit a33fda9 into swiftlang:main Jun 15, 2022
@glessard glessard deleted the rdar93255079 branch June 15, 2022 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spevans spevans Awaiting requested review from spevans

@millenomi millenomi Awaiting requested review from millenomi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@glessard @millenomi