Skip to content

Harden common file helpers against null dereferences, fd 0 mishandling, and relative-path crashes#196

Draft
Copilot wants to merge 14 commits into
OniCodexfrom
copilot/improve-bug-hunting-techniques
Draft

Harden common file helpers against null dereferences, fd 0 mishandling, and relative-path crashes#196
Copilot wants to merge 14 commits into
OniCodexfrom
copilot/improve-bug-hunting-techniques

Conversation

Copilot AI commented Mar 18, 2026
edited
Loading

Copy link
Copy Markdown

This change addresses several severe bugs in the shared file utility layer. The failures were concentrated in src/common/utils/file.c: unsafe error paths in file I/O and a crash path when prepending to files addressed by relative path.

  • Safer file_read() / file_write() behavior

    • file_read() now returns NULL on fopen() or allocation failure instead of falling through into invalid buffer access.
    • file_write() now:
      • treats open() failure as -1 instead of misclassifying valid fd 0
      • uses a signed descriptor type
      • rejects short writes
      • closes the descriptor on write failure

  • Fix relative-path crash in file_add_line_to_beginning()

    • Handles filenames without / correctly instead of dereferencing a NULL dirname.
    • Replaces unbounded sprintf() with bounded snprintf() when constructing the temporary path.
    • Fails safely if the generated temp path would exceed the fixed buffer.

  • Focused regression coverage

    • Extends the host-runnable utility test to include file.c.
    • Adds regression cases for:
      • fd 0 reuse during file_write()
      • prepending to a file referenced by relative path
if ((fd = open(path, O_WRONLY)) == -1)
    return false;

written = write(fd, str, len);
if (written == -1) {
    close(fd);
    return false;
}
if ((size_t)written != len) {
    close(fd);
    return false;
}

💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

Copilot AI and others added 3 commits March 18, 2026 18:45
@Amiga500
Fix str_count_char off-by-one
ea91d24 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
@Amiga500
Restore tracked SDL helper library
bb99bbc 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
@Amiga500
Optimize str_count_char loop
53f2ae1 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
Copilot AI changed the title [WIP] Refactor bug hunting strategies for better efficiency Fix off-by-one read in str_count_char Mar 18, 2026
Copilot AI requested a review from Amiga500 March 18, 2026 18:47
Copilot AI and others added 2 commits March 18, 2026 19:02
@Amiga500
Clamp negative serialized times
f212431 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
@Amiga500
Expand string utility regression tests
b24ee8e 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
Copilot AI changed the title Fix off-by-one read in str_count_char Harden shared string utilities against boundary and negative-time edge cases Mar 18, 2026
@Amiga500
Fix str_trim empty input handling
4267171 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
Copilot AI changed the title Harden shared string utilities against boundary and negative-time edge cases Harden shared string utilities against boundary and negative-input edge cases Mar 18, 2026
@Amiga500
Guard str_removeParentheses buffer writes
bfdc15a 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
Copilot AI changed the title Harden shared string utilities against boundary and negative-input edge cases Harden shared string utilities for empty-input, truncation, and negative-time edge cases Mar 18, 2026
Copilot AI and others added 2 commits March 18, 2026 19:44
@Amiga500
chore: finalize no-op validation
63f423f 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
@Amiga500
chore: restore tracked SDL library after test cleanup
49064d7 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
Copilot AI changed the title Harden shared string utilities for empty-input, truncation, and negative-time edge cases No-op PR: repository validation for unspecified issue Mar 18, 2026
Copilot AI and others added 2 commits March 18, 2026 20:09
@Amiga500
chore: outline plan for severe bug fixes
bc67b2a 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
@Amiga500
fix: harden file read and write helpers
791cab5 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
Copilot AI changed the title No-op PR: repository validation for unspecified issue Harden common file helpers against null dereferences and fd 0 misclassification Mar 18, 2026
Copilot AI and others added 2 commits March 18, 2026 20:32
@Amiga500
fix: handle relative paths in file prepend helper
351bb81 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
@Amiga500
test: restore stdin before asserting fd reuse case
ca8ca77 
Co-authored-by: Amiga500 <16525337+Amiga500@users.noreply.github.com>
Copilot AI changed the title Harden common file helpers against null dereferences and fd 0 misclassification Harden common file helpers against null dereferences, fd 0 mishandling, and relative-path crashes Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Amiga500 Amiga500 Awaiting requested review from Amiga500

Assignees

@Amiga500 Amiga500

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Amiga500