fix(ws): clamp int parsing (int32 overflow on malformed frames)#50

Merged: Reddimus merged 1 commit into main from fix/ws-int-overflow-clamp on Jun 7, 2026
@Reddimus Reddimus commented Jun 7, 2026

Owner

From the adversarially-verified SDK correctness audit. extract_int + the read_num orderbook lambda accumulated into a bare int32 → UB on out-of-range numeric fields from a malformed/hostile WS frame. Now int64-accumulate + saturate + clamp to int32 (mirrors extract_dollar_cents). Regression test added. 165/165 tests pass, lint clean.

The hand-rolled WS scanners accumulated into a bare int32 (`val=val*10+d`),
which silently overflows (UB) on an out-of-range numeric field from a
malformed/hostile frame. Both now accumulate in int64 with saturation and
clamp to the int32 range, mirroring extract_dollar_cents. Regression test
ExtractInt.OutOfRangeClampsInsteadOfOverflowing.
@Reddimus Reddimus merged commit dbdf50f into main Jun 7, 2026
4 checks passed
@Reddimus Reddimus deleted the fix/ws-int-overflow-clamp branch June 7, 2026 13:07
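
The pattern this PR describes (accumulate in int64, saturate, clamp to the int32 range), as an added example that is not the SDK's code: `parse_int32_clamped` and its saturation bound are hypothetical, and the field is assumed to be an optional `-` followed by ASCII digits.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <string_view>

// Hypothetical helper, not the SDK's extract_int. Parses an optional '-' and a
// run of ASCII digits at the start of `s`; stops at the first non-digit.
// The unsafe form this replaces is `int32_t val; val = val * 10 + d;`, which is
// signed overflow (UB) once the field exceeds the int32 range.
std::int32_t parse_int32_clamped(std::string_view s) {
    constexpr std::int64_t kMax = std::numeric_limits<std::int32_t>::max();
    constexpr std::int64_t kMin = std::numeric_limits<std::int32_t>::min();
    constexpr std::int64_t kSat = kMax + 1;  // 2^31: largest magnitude we need

    std::size_t i = 0;
    bool neg = false;
    if (i < s.size() && s[i] == '-') { neg = true; ++i; }

    std::int64_t acc = 0;
    for (; i < s.size() && s[i] >= '0' && s[i] <= '9'; ++i) {
        if (acc >= kSat) continue;          // saturated: consume digits, keep value
        acc = acc * 10 + (s[i] - '0');      // acc < 2^31 here, so int64 cannot overflow
        if (acc > kSat) acc = kSat;         // saturate instead of growing unbounded
    }

    const std::int64_t v = neg ? -acc : acc;
    if (v > kMax) return static_cast<std::int32_t>(kMax);
    if (v < kMin) return static_cast<std::int32_t>(kMin);
    return static_cast<std::int32_t>(v);
}

int main() {
    // Constructed numeric fields, as they might appear in a malformed frame.
    const char* samples[] = {"42", "-17", "2147483648", "-99999999999999999999999"};
    for (const char* f : samples)
        std::printf("%s -> %d\n", f, parse_int32_clamped(f));
    return 0;
}
```

Saturating at 2^31 rather than at the int64 limit keeps `-2147483648` exactly representable while guaranteeing the multiply never approaches the int64 range, however many digits the frame carries.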