Bound process name buffer in crash dump handler #40274
Merged
CollectCrashDumps cast the LX_PROCESS_CRASH flexible array member Buffer to const char* without verifying NUL-termination. Use the response span from Receive() to compute the exact buffer size, then construct a bounded std::string via strnlen. Also fix undefined behavior in std::isalnum with negative char values. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
This PR hardens crash dump collection in WslCoreVm::CollectCrashDumps() by ensuring the guest-provided process name is handled as a bounded buffer, preventing out-of-bounds reads and eliminating undefined behavior during filename sanitization.
Changes:
- Compute the received LX_PROCESS_CRASH::Buffer length from the actual response span and build a bounded std::string.
- Replace raw const char* usage with a safe, length-bounded process name for formatting and telemetry.
- Fix std::isalnum undefined behavior by casting char to unsigned char before classification.
OneBlue
approved these changes
Apr 22, 2026
CollectCrashDumps casts the LX_PROCESS_CRASH flexible array member Buffer to const char* without verifying NUL-termination. If the buffer is not NUL-terminated (e.g. a truncated or malformed message), this could read past the intended bounds.

This PR:
- Receive() to compute the exact buffer size
- std::string via strnlen instead of using a raw const char*
- std::isalnum when called with negative char values by casting to unsigned char
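
The two fixes described in this PR, shown as an added example that is not the WSL source: CrashHeader, BoundedProcessName, SanitizeForFileName, MakeMessage and the '_' replacement character are assumptions made for illustration. The name is read from the trailing bytes of a received message with strnlen bounded by the received length, and each char is cast to unsigned char before std::isalnum.

```cpp
// Added example, not the WSL source; struct layout and names are assumptions.
#include <cctype>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical fixed header; the name bytes follow it in the same message.
struct CrashHeader {
    uint32_t pid;
    uint32_t signal;
};

// Writes the name, bounded by the bytes actually received, to `out`.
// Returns false when the message is too short to hold the fixed header.
bool BoundedProcessName(const unsigned char* msg, size_t received, std::string& out)
{
    if (msg == nullptr || received < sizeof(CrashHeader)) {
        return false;
    }
    const char* name = reinterpret_cast<const char*>(msg + sizeof(CrashHeader));
    const size_t available = received - sizeof(CrashHeader);
    // strnlen stops at the first NUL or at `available`, whichever comes first,
    // so an unterminated name cannot pull the read past the message.
    out.assign(name, strnlen(name, available));
    return true;
}

// Passing a negative char (bytes >= 0x80 where char is signed) to std::isalnum
// is undefined behavior, hence the cast to unsigned char.
std::string SanitizeForFileName(const std::string& name)
{
    std::string out;
    for (char c : name) {
        // '_' as the replacement character is an assumption of this example.
        out.push_back(std::isalnum(static_cast<unsigned char>(c)) ? c : '_');
    }
    return out;
}

// Constructed sample message: zeroed header followed by the given name bytes.
std::vector<unsigned char> MakeMessage(const std::string& nameBytes)
{
    std::vector<unsigned char> msg(sizeof(CrashHeader), 0);
    msg.insert(msg.end(), nameBytes.begin(), nameBytes.end());
    return msg;
}
```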