Add runtime bounds guards to assert-only public entry points#146
Merged
Conversation
Public functions taking max_clients or a client index validated them with netcode_assert only, which compiles out under NDEBUG. In release builds, netcode_server_start( server, 500 ) wrote past the per-client arrays (sized NETCODE_MAX_CLIENTS), and the per-client accessors and loopback functions read or wrote out of bounds for an out of range client index. Every such entry point now pairs its asserts with runtime guards that return cleanly, following the existing pattern in the send packet paths. Guards are ordered before any assert that indexes an array, since a custom assert handler may continue past a failed assert. Also guards loopback packet sizes to (0, NETCODE_MAX_PACKET_SIZE], making loopback consistent with the network path, which rejects zero-byte payloads. Adds test_runtime_guards, which installs a continuing assert handler so the guards are exercised in debug builds as well as release, and verifies out of range arguments return cleanly without starting, connecting, or corrupting anything. Verified under ASan+UBSan. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes the Debug-vs-Release memory-safety gap in the public API: functions taking
max_clientsor aclient_indexvalidated them withnetcode_assertonly, which compiles out underNDEBUG. In release builds,netcode_server_start( server, 500 )wrote past the per-client arrays, and the assert-only accessors (netcode_server_client_user_data,netcode_server_next_packet_sequence,netcode_server_client_loopback, the loopback connect/disconnect/process functions,netcode_server_send_packet,netcode_server_receive_packet,netcode_server_disconnect_client) read or wrote out of bounds for an out-of-range index.netcode_server_startlogs an error for out-of-rangemax_clients.(0, NETCODE_MAX_PACKET_SIZE], consistent with the network path's rejection of zero-byte payloads.test_runtime_guards(suite is now 38 tests) installs a continuing assert handler so the guards are exercised in Debug builds too, and verifies out-of-range arguments return cleanly without starting/connecting/corrupting anything.Test plan
🤖 Generated with Claude Code