Fix: Check flatbuffer integrity before parsing #1864

Open. AustinBenoit wants to merge 7 commits into main from FixVulns

@AustinBenoit

Description

Provide details of the change, and generalize the change in the PR title above.
Fix: Check flatbuffer integrity before parsing
Updated flatbuffer to latest version to get verify buffer.
Use strtol for key parsing to ensure exceptions do not result in a crash.


Testing

Describe how you've tested these changes. Link any manually triggered Integration tests or CPP binary SDK Packaging Github Action workflows, if applicable.

Integration test in github


Type of Change

Place an x the applicable box:

  • Bug fix. Add the issue # below if applicable.
  • New feature. A non-breaking change which adds functionality.
  • Other, such as a build process or documentation change.

Notes

  • Bug fixes and feature changes require an update to the Release Notes section of release_build_files/readme.md.
  • Read the contribution guidelines CONTRIBUTING.md.
  • Changes to the public API require an internal API review. If you'd like to help us make Firebase APIs better, please propose your change in a feature request so that we can discuss it together.

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the Flatbuffers dependency to a newer version, removes an obsolete patch file, and improves the robustness of the Remote Config desktop implementation. Specifically, it adds buffer verification before deserializing flexbuffers, enhances file path handling and error checking in the file manager, and replaces std::stoi with safer string-to-integer parsing in the metadata deserialization. The review feedback highlights critical improvements: ensuring robust overflow detection for std::strtol on LLP64 platforms (like Windows) by checking errno, preventing potential undefined behavior from a null package_name(), and explicitly including the necessary and headers.

Comment on lines +84 to +92
char* endptr = nullptr;
long raw_key = std::strtol(key_str, &endptr, 10);
if (endptr == key_str || *endptr != '\0') {
continue;
}
if (raw_key < std::numeric_limits<int>::min() ||
raw_key > std::numeric_limits<int>::max()) {
continue;
}
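
Review bot: std::strtol on the second line of this hunk skips leading whitespace and accepts an optional sign, so key strings such as " 7" or "+7" pass both endptr checks and parse to the same value as "7". If keys are expected to be canonical decimal strings, reject a key_str whose first character is not a digit (or '-' where negative keys are valid) before calling strtol, so that two distinct stored strings cannot map to one key.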

high

On platforms where sizeof(long) == sizeof(int) (such as Windows, which uses the LLP64 model where long is 32-bit), std::strtol will overflow and return LONG_MAX or LONG_MIN for values outside the 32-bit signed integer range. In these cases, raw_key will be equal to INT_MAX or INT_MIN, and the range checks raw_key < std::numeric_limits<int>::min() and raw_key > std::numeric_limits<int>::max() will fail to detect the overflow.

To correctly detect overflow on all platforms, you should clear errno before calling std::strtol and check if errno == ERANGE afterwards.

Suggested change
char* endptr = nullptr;
long raw_key = std::strtol(key_str, &endptr, 10);
if (endptr == key_str || *endptr != '\0') {
continue;
}
if (raw_key < std::numeric_limits<int>::min() ||
raw_key > std::numeric_limits<int>::max()) {
continue;
}
char* endptr = nullptr;
errno = 0;
long raw_key = std::strtol(key_str, &endptr, 10);
if (endptr == key_str || *endptr != '\\0' || errno == ERANGE) {
continue;
}
if (raw_key < std::numeric_limits<int>::min() ||
raw_key > std::numeric_limits<int>::max()) {
continue;
}
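
Review bot: in the replacement lines the terminator test is written `*endptr != '\\0'`, which is a two-character literal (a backslash followed by 0), not the NUL character that the original `*endptr != '\0'` compares against. On common compilers a char never equals that multi-character constant, so the condition would be true for every input and every key would hit continue. Keep the single-backslash form when applying the suggestion, and include <cerrno> for errno and ERANGE.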

Comment on lines 39 to +40
std::string app_data_prefix =
std::string(app.options().package_name()) + "/" + app.name();
std::string file_path =
AppDataDir(app_data_prefix.c_str(), /*should_create=*/true) + "/" +
filename;
std::string(app.options().package_name()) + "/remote_config";
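
Review bot: the prefix line ending in "/remote_config" no longer appends app.name(), so the directory does not vary per App instance. If two App instances share a package name they now resolve to the same prefix; confirm that filename still separates their data, or keep app.name() in the path.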

high

If app.options().package_name() returns nullptr, constructing a std::string directly from it will result in undefined behavior (typically a crash). It is safer to perform a null check before constructing the string.

Suggested change
std::string app_data_prefix =
std::string(app.options().package_name()) + "/" + app.name();
std::string file_path =
AppDataDir(app_data_prefix.c_str(), /*should_create=*/true) + "/" +
filename;
std::string(app.options().package_name()) + "/remote_config";
const char* package_name = app.options().package_name();
std::string app_data_prefix =
std::string(package_name ? package_name : "") + "/remote_config";
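
Review bot: falling back to "" when package_name is null makes app_data_prefix "/remote_config", a prefix with an empty first component that every app without a package name would share. Consider treating a null or empty package name as an error and returning early with a log line instead of building a path from it.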

Comment thread remote_config/src/desktop/metadata.cc
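
The overflow case raised in the review comment above, as an added example (not code from the PR or from the Firebase SDK). The function names and the template parameter T are hypothetical; instantiating with T = long makes the target type as wide as strtol's return type, which reproduces the sizeof(long) == sizeof(int) condition on any platform.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <limits>

// Added example. ParseKeyRangeOnly, ParseKeyChecked and the template
// parameter T are hypothetical names, not identifiers from the PR.

// Range check only: the shape of the code under review.
template <typename T>
bool ParseKeyRangeOnly(const char* s, T* out) {
  char* end = nullptr;
  long raw = std::strtol(s, &end, 10);
  if (end == s || *end != '\0') return false;
  if (raw < std::numeric_limits<T>::min() ||
      raw > std::numeric_limits<T>::max()) {
    return false;
  }
  *out = static_cast<T>(raw);
  return true;
}

// Same parse, with errno cleared first and ERANGE treated as a failure.
template <typename T>
bool ParseKeyChecked(const char* s, T* out) {
  char* end = nullptr;
  errno = 0;
  long raw = std::strtol(s, &end, 10);
  if (end == s || *end != '\0' || errno == ERANGE) return false;
  if (raw < std::numeric_limits<T>::min() ||
      raw > std::numeric_limits<T>::max()) {
    return false;
  }
  *out = static_cast<T>(raw);
  return true;
}

// Constructed input: more digits than a 64-bit long can hold.
const char kHugeKey[] = "99999999999999999999999";

int main() {
  long v = 0;
  // T = long makes sizeof(T) == sizeof(long), the LLP64 condition.
  std::printf("range-only accepts: %d\n", ParseKeyRangeOnly<long>(kHugeKey, &v));
  std::printf("checked accepts:    %d\n", ParseKeyChecked<long>(kHugeKey, &v));
  return 0;
}
```

With the range check alone, the out-of-range key is accepted and silently clamped to the largest value of the type; the errno check is what rejects it.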
@AustinBenoit AustinBenoit added the tests-requested: full Trigger a FULL set of integration tests (uses expanded test matrix). label Jun 17, 2026
@github-actions github-actions Bot added tests: in-progress This PR's integration tests are in progress. and removed tests-requested: full Trigger a FULL set of integration tests (uses expanded test matrix). labels Jun 17, 2026
github-actions Bot commented Jun 17, 2026

❌  Integration test FAILED

Requested by @AustinBenoit on commit acf24f3
Last updated: Wed Jun 17 14:02 PDT 2026
View integration test log & download artifacts

Failures Configs
missing_log [TEST] [ERROR] [Linux] [1/2 ssl_lib: x86] [1/2 build_type: boringssl]
firestore [TEST] [FLAKINESS] [Android] [1/3 os: macos] [1/4 android_device: android_target]
(1 failed tests)  ValidationTest.QueriesCannotBeSortedByAnUncommittedServerTimestamp
[TEST] [FLAKINESS] [Android] [1/3 os: windows] [1/4 android_device: emulator_ftl_target]
(1 failed tests)  CRASH/TIMEOUT
installations [TEST] [FLAKINESS] [Android] [1/3 os: macos] [1/4 android_device: emulator_ftl_target]
(1 failed tests)  CRASH/TIMEOUT
messaging [TEST] [FLAKINESS] [Android] [1/3 os: windows] [1/4 android_device: android_target]
(1 failed tests)  FirebaseMessagingTest.TestSendMessageToToken
remote_config [TEST] [ERROR] [Android] [1/3 os: ubuntu] [1/4 android_device: emulator_ftl_target]
[TEST] [FLAKINESS] [Android] [1/3 os: macos] [1/4 android_device: emulator_ftl_target]
(1 failed tests)  CRASH/TIMEOUT

Add flaky tests to go/fpl-cpp-flake-tracker

@github-actions github-actions Bot added the tests: failed This PR's integration tests failed. label Jun 17, 2026
@firebase-workflow-trigger firebase-workflow-trigger Bot removed the tests: in-progress This PR's integration tests are in progress. label Jun 17, 2026