Skip to content

Add BUFFER_FIELD macro for safe pretty-printing of flexible array members#40273

Merged
benhillis merged 1 commit intomasterfrom
prettyprint-buffer-field
Apr 22, 2026
Merged

Add BUFFER_FIELD macro for safe pretty-printing of flexible array members#40273
benhillis merged 1 commit intomasterfrom
prettyprint-buffer-field

Conversation

@benhillis
Copy link
Copy Markdown
Member

@benhillis benhillis commented Apr 22, 2026

Message structs with flexible array members (char Buffer[], char Content[]) used FIELD() in PRETTY_PRINT, which streams the member as a C-string until a NUL byte is encountered. If the buffer happens to not be NUL-terminated (e.g. due to a truncated or malformed message), this could read past the intended bounds.

This PR adds:

  • A BUFFER_FIELD(Name) macro that computes safe bounds from Header.MessageSize
  • A PrettyPrintSafeBufferView helper that caps reads using strnlen
  • A std::string_view branch in the PrettyPrint template
  • Updates all 10 affected structs in lxinitshared.h to use BUFFER_FIELD

This matches the existing pattern in LX_GNS_RESULT which already excluded its Buffer from PRETTY_PRINT with the comment: 'Buffer' doesn't always contain a string, so don't pretty print it.

Copilot AI review requested due to automatic review settings April 22, 2026 19:01
@benhillis benhillis requested a review from a team as a code owner April 22, 2026 19:01
Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens message PrettyPrint() output for structs that use flexible array members (e.g., char Buffer[] / char Content[]) by preventing unbounded C-string reads and instead printing a length-bounded view derived from Header.MessageSize.

Changes:

  • Add BUFFER_FIELD(Name) plus PrettyPrintSafeBufferView() to safely pretty-print flexible array members using strnlen and Header.MessageSize bounds.
  • Extend the PrettyPrint template to handle std::string_view.
  • Update affected message structs in lxinitshared.h to use BUFFER_FIELD instead of FIELD for flexible buffers.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
src/shared/inc/prettyprintshared.h Introduces bounded buffer pretty-print helper + macro, and adds std::string_view printing support.
src/shared/inc/lxinitshared.h Switches flexible-array fields in message structs to the new safe BUFFER_FIELD pretty-printing.

Comment thread src/shared/inc/prettyprintshared.h
OneBlue
OneBlue previously approved these changes Apr 22, 2026
View reviewed changes
Comment thread src/shared/inc/prettyprintshared.h Outdated
Add BUFFER_FIELD macro for safe pretty-printing of flexible array mem…
a5995ed 
…bers

Message structs with flexible array members (char Buffer[], char
Content[]) used FIELD() in PRETTY_PRINT, which streams the member as
a C-string until a NUL byte. Add a BUFFER_FIELD macro and
PrettyPrintSafeBufferView helper that bounds the read using
Header.MessageSize. Also add std::string_view handling to PrettyPrint.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@benhillis benhillis force-pushed the prettyprint-buffer-field branch from 40f495b to a5995ed Compare April 22, 2026 19:19
@benhillis benhillis enabled auto-merge (squash) April 22, 2026 20:35
@benhillis benhillis merged commit 8e1fafb into master Apr 22, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@OneBlue OneBlue OneBlue approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@benhillis @OneBlue