The GitHub Actions job "Fory CI" on fory.git/main has failed. Run started by GitHub user chaokunyang (triggered by chaokunyang).
Head commit for run: a565643ed0c3abf3fa786595f6f8dbf76a22cc5e / Shawn Yang <[email protected]> fix(c++): fix buffer read/write bound check (#3418) ## Why? This PR hardens C++ and Rust deserialization paths against truncated/corrupt inputs and prevents inconsistent type registration state. It also enforces that xlang/non-xlang payloads are deserialized by matching protocol configs. ## What does this PR do? - C++: lock type registration after first serialize/deserialize, and route all register APIs through guarded `register_type(...)`. - C++: reject protocol mismatch when payload `is_xlang` flag differs from local config. - C++: make `TypeResolver::register_type_internal` validate uniqueness before committing entries, so failed registrations do not leak partial type info. - C++: harden `TypeMeta` size handling and `Buffer` varint/fixed reads with strict bounds checks and non-advancing error behavior on truncated data. - Rust: add overflow-safe reader bound checks for fixed-width reads and `read_varuint36small`. - Rust: make row `get(...)` APIs return `Result` instead of panicking on out-of-bounds; propagate errors in map materialization. - Tests: add C++ serialization/buffer regression tests and Rust buffer/row tests covering the new error paths. ## Related issues - None. ## Does this PR introduce any user-facing change? - [x] Does this PR introduce any public API change? - [ ] Does this PR introduce any binary protocol compatibility change? ## Benchmark - N/A Report URL: https://github.com/apache/fory/actions/runs/22408294146 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
