Daemon icon indicating copy to clipboard operation
Daemon copied to clipboard
Published 4 months ago verified publisher icon DaemonEngine

IPC: Unsound handling of bools

Open slipher opened this issue 7 years ago • 2 comments

The IPC serialization code assumes that any POD type can be communicated by simply copying the memory. This is a problem if not every possible sequence of bytes represents a valid value.

In particular, the assumption opens the possibility of sending spooky bools which behave as true in some contexts and false in others, or have values other than 0 or 1 after an integer promotion.

Of course it's easy to make a specialization for bool itself, but bools in structs pose much more of a problem. There are various large structs which are serialized by copying, some of which contain bools. Maybe we would need some static analysis to prevent any bools from being added to them.

slipher avatar Dec 29 '18 10:12 slipher

ya, we've had this issue with vector bools as well...though we just made a specialization for it.

DolceTriade avatar Jan 01 '19 10:01 DolceTriade

vector<bool> is a different issue: when you index into it you get a proxy object instead of bool& and the serialization code wouldn't/shouldn't know how to copy the proxy object.

slipher avatar Jan 01 '19 10:01 slipher