fix(lora): address remaining CodeRabbit PR #414 review comments

- C++: use new(std::nothrow) to prevent std::bad_alloc across C boundary
- C++: fix dangling pointer on OOM during lora re-registration
- C++: add empty-path checks to load_lora and remove_lora
- Kotlin SDK: replace fragile regex JSON parsing with org.json
- Android: add HTTPS-only URL validation for adapter downloads
- Android: validate downloaded file size against catalog entry
- Android: fix concurrent refreshLoraState race condition
- Android: move LoraViewModel out of composable body in ChatScreen
- Android: wrap Timber.i in LaunchedEffect in MainActivity
- Docs: add per-function error codes to rac_lora_registry.h

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Siddhesh2377

examples/android/RunAnywhereAI/app/src/main/java/com/runanywhere/runanywhereai/MainActivity.kt

@@ -9,6 +9,7 @@ import androidx.compose.foundation.layout.fillMaxSize
 import androidx.compose.material3.MaterialTheme
 import androidx.compose.material3.Surface
 import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
 import androidx.compose.runtime.collectAsState
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.rememberCoroutineScope
@@ -76,7 +77,7 @@ class MainActivity : ComponentActivity() {
             }
 
             is SDKInitializationState.Ready -> {
-                Timber.i("App is ready to use!")
+                LaunchedEffect(Unit) { Timber.i("App is ready to use!") }
                 AppNavigation()
             }
         }

examples/android/RunAnywhereAI/app/src/main/java/com/runanywhere/runanywhereai/presentation/chat/ChatScreen.kt

@@ -73,11 +73,13 @@ import java.util.Locale
 
 @OptIn(ExperimentalMaterial3Api::class)
 @Composable
-fun ChatScreen(viewModel: ChatViewModel = viewModel()) {
+fun ChatScreen(
+    viewModel: ChatViewModel = viewModel(),
+    loraViewModel: LoraViewModel = viewModel(),
+) {
     val uiState by viewModel.uiState.collectAsStateWithLifecycle()
     val listState = rememberLazyListState()
     val scope = rememberCoroutineScope()
-    val loraViewModel: LoraViewModel = viewModel()
 
     var showingConversationList by remember { mutableStateOf(false) }
     var showingModelSelection by remember { mutableStateOf(false) }

examples/android/RunAnywhereAI/app/src/main/java/com/runanywhere/runanywhereai/presentation/chat/ChatViewModel.kt

@@ -31,7 +31,9 @@ import com.runanywhere.sdk.public.extensions.LLM.ToolCallingOptions
 import com.runanywhere.sdk.public.extensions.LLM.ToolCallFormat
 import com.runanywhere.sdk.public.extensions.LLM.RunAnywhereToolCalling
 import com.runanywhere.runanywhereai.presentation.settings.ToolSettingsViewModel
+import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.Job
+import kotlinx.coroutines.withContext
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonElement
@@ -801,10 +803,12 @@ class ChatViewModel(application: Application) : AndroidViewModel(application) {
     }
 
     /** Refresh LoRA loaded state for the active adapters indicator. */
+    private var loraRefreshJob: Job? = null
     fun refreshLoraState() {
-        viewModelScope.launch {
+        loraRefreshJob?.cancel()
+        loraRefreshJob = viewModelScope.launch {
             try {
-                val loaded = RunAnywhere.getLoadedLoraAdapters()
+                val loaded = withContext(Dispatchers.IO) { RunAnywhere.getLoadedLoraAdapters() }
                 _uiState.value = _uiState.value.copy(hasActiveLoraAdapter = loaded.isNotEmpty())
             } catch (e: Exception) {
                 Timber.e(e, "Failed to refresh LoRA state")

examples/android/RunAnywhereAI/app/src/main/java/com/runanywhere/runanywhereai/presentation/lora/LoraViewModel.kt

@@ -24,9 +24,11 @@ import kotlinx.coroutines.flow.asStateFlow
 import kotlinx.coroutines.flow.update
 import kotlinx.coroutines.ensureActive
 import kotlinx.coroutines.launch
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
 import kotlinx.coroutines.withContext
 import java.io.File
-import java.net.URL
+import java.net.URI
 
 data class LoraUiState(
     val registeredAdapters: List<LoraAdapterCatalogEntry> = emptyList(),
@@ -47,6 +49,7 @@ class LoraViewModel(application: Application) : AndroidViewModel(application) {
     private val _uiState = MutableStateFlow(LoraUiState())
     val uiState: StateFlow<LoraUiState> = _uiState.asStateFlow()
     private var downloadJob: Job? = null
+    private val downloadMutex = Mutex()
 
     private val loraDir: File by lazy {
         File(application.filesDir, "lora_adapters").also { it.mkdirs() }
@@ -177,13 +180,42 @@ class LoraViewModel(application: Application) : AndroidViewModel(application) {
     private fun scanDownloadedAdapters(adapters: List<LoraAdapterCatalogEntry>): Map<String, String> {
         return adapters.mapNotNull { entry ->
             val file = File(loraDir, entry.filename)
+            // Validate resolved path stays under loraDir to prevent path traversal
+            if (!file.canonicalPath.startsWith(loraDir.canonicalPath + File.separator)) {
+                Timber.w("Skipping adapter with invalid filename (path traversal): ${entry.filename}")
+                return@mapNotNull null
+            }
             if (file.exists()) entry.id to file.absolutePath else null
         }.toMap()
     }
 
     /** Download a LoRA adapter GGUF file. */
     fun downloadAdapter(entry: LoraAdapterCatalogEntry) {
-        if (_uiState.value.downloadingAdapterId != null) return
+        viewModelScope.launch {
+            // Mutex ensures only one download starts even under concurrent calls
+            if (!downloadMutex.tryLock()) return@launch
+            try {
+                if (_uiState.value.downloadingAdapterId != null) return@launch
+                startDownload(entry)
+            } finally {
+                downloadMutex.unlock()
+            }
+        }
+    }
+
+    private fun startDownload(entry: LoraAdapterCatalogEntry) {
+        val destFile = File(loraDir, entry.filename)
+        // Validate resolved path stays under loraDir
+        if (!destFile.canonicalPath.startsWith(loraDir.canonicalPath + File.separator)) {
+            _uiState.update { it.copy(error = "Invalid adapter filename") }
+            return
+        }
+        // Only allow HTTPS downloads to prevent MITM attacks
+        val uri = try { URI(entry.downloadUrl) } catch (_: Exception) { null }
+        if (uri == null || uri.scheme?.lowercase() != "https") {
+            _uiState.update { it.copy(error = "Only HTTPS download URLs are allowed") }
+            return
+        }
 
         _uiState.update {
             it.copy(
@@ -194,12 +226,11 @@ class LoraViewModel(application: Application) : AndroidViewModel(application) {
         }
 
         downloadJob = viewModelScope.launch {
-            val destFile = File(loraDir, entry.filename)
             val tmpFile = File(loraDir, "${entry.filename}.tmp")
             var downloadComplete = false
             try {
                 withContext(Dispatchers.IO) {
-                    val connection = URL(entry.downloadUrl).openConnection().apply {
+                    val connection = URI(entry.downloadUrl).toURL().openConnection().apply {
                         connectTimeout = 30_000
                         readTimeout = 60_000
                     }
@@ -222,6 +253,13 @@ class LoraViewModel(application: Application) : AndroidViewModel(application) {
                             }
                         }
                     }
+                    // Validate downloaded file size if catalog provides one
+                    if (entry.fileSize > 0 && tmpFile.length() != entry.fileSize) {
+                        tmpFile.delete()
+                        throw Exception(
+                            "Downloaded file size (${tmpFile.length()}) does not match expected size (${entry.fileSize})"
+                        )
+                    }
                     destFile.delete()
                     if (!tmpFile.renameTo(destFile)) {
                         tmpFile.delete()
@@ -272,6 +310,11 @@ class LoraViewModel(application: Application) : AndroidViewModel(application) {
         viewModelScope.launch {
             try {
                 val file = File(loraDir, entry.filename)
+                // Validate resolved path stays under loraDir
+                if (!file.canonicalPath.startsWith(loraDir.canonicalPath + File.separator)) {
+                    _uiState.update { it.copy(error = "Invalid adapter filename") }
+                    return@launch
+                }
                 withContext(Dispatchers.IO) {
                     // Always try to unload — ignore errors if not loaded
                     try {

sdk/runanywhere-commons/include/rac/infrastructure/model_management/rac_lora_registry.h

@@ -44,7 +44,8 @@ typedef struct rac_lora_registry* rac_lora_registry_handle_t;
 /**
  * @brief Create a new LoRA adapter registry
  * @param out_handle Output: handle to the newly created registry
- * @return RAC_SUCCESS or error code
+ * @return RAC_SUCCESS, RAC_ERROR_INVALID_ARGUMENT (NULL out_handle),
+ *         or RAC_ERROR_OUT_OF_MEMORY
  */
 RAC_API rac_result_t rac_lora_registry_create(rac_lora_registry_handle_t* out_handle);
 
@@ -60,10 +61,12 @@ RAC_API void rac_lora_registry_destroy(rac_lora_registry_handle_t handle);
  * @brief Register a LoRA adapter entry in the registry
  *
  * The entry is deep-copied; the caller retains ownership of the original.
+ * If an entry with the same id already exists, it is replaced.
  *
  * @param handle Registry handle
  * @param entry Adapter entry to register (must have a non-NULL id)
- * @return RAC_SUCCESS or error code
+ * @return RAC_SUCCESS, RAC_ERROR_INVALID_ARGUMENT (NULL handle/entry/id),
+ *         or RAC_ERROR_OUT_OF_MEMORY
  */
 RAC_API rac_result_t rac_lora_registry_register(rac_lora_registry_handle_t handle,
                                                  const rac_lora_entry_t* entry);
@@ -84,7 +87,8 @@ RAC_API rac_result_t rac_lora_registry_remove(rac_lora_registry_handle_t handle,
  * @param handle Registry handle
  * @param out_entries Output: array of deep-copied entries (caller must free with rac_lora_entry_array_free)
  * @param out_count Output: number of entries
- * @return RAC_SUCCESS or error code
+ * @return RAC_SUCCESS, RAC_ERROR_INVALID_ARGUMENT (NULL params),
+ *         or RAC_ERROR_OUT_OF_MEMORY
  */
 RAC_API rac_result_t rac_lora_registry_get_all(rac_lora_registry_handle_t handle,
                                                 rac_lora_entry_t*** out_entries,
@@ -96,7 +100,8 @@ RAC_API rac_result_t rac_lora_registry_get_all(rac_lora_registry_handle_t handle
  * @param model_id Model ID to match against each entry's compatible_model_ids
  * @param out_entries Output: array of matching deep-copied entries (caller must free with rac_lora_entry_array_free)
  * @param out_count Output: number of matching entries
- * @return RAC_SUCCESS or error code
+ * @return RAC_SUCCESS, RAC_ERROR_INVALID_ARGUMENT (NULL params),
+ *         or RAC_ERROR_OUT_OF_MEMORY
  */
 RAC_API rac_result_t rac_lora_registry_get_for_model(rac_lora_registry_handle_t handle,
                                                       const char* model_id,
@@ -108,7 +113,8 @@ RAC_API rac_result_t rac_lora_registry_get_for_model(rac_lora_registry_handle_t
  * @param handle Registry handle
  * @param adapter_id ID of the adapter to look up
  * @param out_entry Output: deep-copied entry (caller must free with rac_lora_entry_free)
- * @return RAC_SUCCESS or RAC_ERROR_NOT_FOUND
+ * @return RAC_SUCCESS, RAC_ERROR_INVALID_ARGUMENT (NULL params),
+ *         RAC_ERROR_NOT_FOUND, or RAC_ERROR_OUT_OF_MEMORY
  */
 RAC_API rac_result_t rac_lora_registry_get(rac_lora_registry_handle_t handle,
                                             const char* adapter_id,

sdk/runanywhere-commons/src/features/llm/llm_component.cpp

@@ -782,7 +782,7 @@ extern "C" rac_result_t rac_llm_component_load_lora(rac_handle_t handle,
                                                      float scale) {
     if (!handle)
         return RAC_ERROR_INVALID_HANDLE;
-    if (!adapter_path)
+    if (!adapter_path || adapter_path[0] == '\0')
         return RAC_ERROR_INVALID_ARGUMENT;
 
     auto* component = reinterpret_cast<rac_llm_component*>(handle);
@@ -805,7 +805,7 @@ extern "C" rac_result_t rac_llm_component_remove_lora(rac_handle_t handle,
                                                        const char* adapter_path) {
     if (!handle)
         return RAC_ERROR_INVALID_HANDLE;
-    if (!adapter_path)
+    if (!adapter_path || adapter_path[0] == '\0')
         return RAC_ERROR_INVALID_ARGUMENT;
 
     auto* component = reinterpret_cast<rac_llm_component*>(handle);

sdk/runanywhere-commons/src/infrastructure/model_management/lora_registry.cpp

@@ -10,6 +10,7 @@
 #include <cstring>
 #include <map>
 #include <mutex>
+#include <new>
 #include <string>
 #include <vector>
 
@@ -21,6 +22,7 @@ struct rac_lora_registry {
     std::mutex mutex;
 };
 
+// Forward declaration — needed by deep_copy_lora_entry for OOM cleanup
 static void free_lora_entry(rac_lora_entry_t* entry);
 
 static rac_lora_entry_t* deep_copy_lora_entry(const rac_lora_entry_t* src) {
@@ -85,7 +87,8 @@ static void free_lora_entry(rac_lora_entry_t* entry) {
 
 rac_result_t rac_lora_registry_create(rac_lora_registry_handle_t* out_handle) {
     if (!out_handle) return RAC_ERROR_INVALID_ARGUMENT;
-    rac_lora_registry* registry = new rac_lora_registry();
+    rac_lora_registry* registry = new (std::nothrow) rac_lora_registry();
+    if (!registry) return RAC_ERROR_OUT_OF_MEMORY;
     RAC_LOG_INFO("LoraRegistry", "LoRA registry created");
     *out_handle = registry;
     return RAC_SUCCESS;
@@ -106,10 +109,11 @@ rac_result_t rac_lora_registry_register(rac_lora_registry_handle_t handle,
     if (!handle || !entry || !entry->id) return RAC_ERROR_INVALID_ARGUMENT;
     std::lock_guard<std::mutex> lock(handle->mutex);
     std::string adapter_id = entry->id;
-    auto it = handle->entries.find(adapter_id);
-    if (it != handle->entries.end()) { free_lora_entry(it->second); }
     rac_lora_entry_t* copy = deep_copy_lora_entry(entry);
     if (!copy) return RAC_ERROR_OUT_OF_MEMORY;
+    // Free old entry AFTER successful deep_copy to avoid dangling pointer on OOM
+    auto it = handle->entries.find(adapter_id);
+    if (it != handle->entries.end()) { free_lora_entry(it->second); }
     handle->entries[adapter_id] = copy;
     RAC_LOG_DEBUG("LoraRegistry", "LoRA adapter registered: %s", entry->id);
     return RAC_SUCCESS;

sdk/runanywhere-kotlin/src/jvmAndroidMain/kotlin/com/runanywhere/sdk/foundation/bridge/extensions/CppBridgeLoraRegistry.kt

@@ -9,6 +9,8 @@
 package com.runanywhere.sdk.foundation.bridge.extensions
 
 import com.runanywhere.sdk.native.bridge.RunAnywhereBridge
+import org.json.JSONArray
+import org.json.JSONObject
 
 object CppBridgeLoraRegistry {
     private const val TAG = "CppBridge/CppBridgeLoraRegistry"
@@ -49,20 +51,26 @@ object CppBridgeLoraRegistry {
         return parseLoraEntryArrayJson(json)
     }
 
-    // JSON Parsing
+    // JSON Parsing — uses org.json for correctness with special characters
 
-    private fun parseLoraEntryJson(json: String): LoraEntry? {
-        if (json == "null" || json.isBlank()) return null
+    private fun parseLoraEntryJson(obj: JSONObject): LoraEntry? {
         return try {
+            val id = obj.optString("id", "").takeIf { it.isNotEmpty() } ?: return null
+            val modelIds = mutableListOf<String>()
+            obj.optJSONArray("compatible_model_ids")?.let { arr ->
+                for (i in 0 until arr.length()) {
+                    arr.optString(i)?.takeIf { it.isNotEmpty() }?.let { modelIds.add(it) }
+                }
+            }
             LoraEntry(
-                id = extractString(json, "id") ?: return null,
-                name = extractString(json, "name") ?: "",
-                description = extractString(json, "description") ?: "",
-                downloadUrl = extractString(json, "download_url") ?: "",
-                filename = extractString(json, "filename") ?: "",
-                compatibleModelIds = extractStringArray(json, "compatible_model_ids"),
-                fileSize = extractLong(json, "file_size"),
-                defaultScale = extractFloat(json, "default_scale"),
+                id = id,
+                name = obj.optString("name", ""),
+                description = obj.optString("description", ""),
+                downloadUrl = obj.optString("download_url", ""),
+                filename = obj.optString("filename", ""),
+                compatibleModelIds = modelIds,
+                fileSize = obj.optLong("file_size", 0L),
+                defaultScale = obj.optDouble("default_scale", 0.0).toFloat(),
             )
         } catch (e: Exception) {
             log(LogLevel.ERROR, "Failed to parse LoRA entry JSON: ${e.message}")
@@ -71,50 +79,16 @@ object CppBridgeLoraRegistry {
     }
 
     private fun parseLoraEntryArrayJson(json: String): List<LoraEntry> {
-        if (json == "[]" || json.isBlank()) return emptyList()
-        val entries = mutableListOf<LoraEntry>()
-        var depth = 0; var objectStart = -1
-        for (i in json.indices) {
-            when (json[i]) {
-                '{' -> { if (depth == 0) objectStart = i; depth++ }
-                '}' -> {
-                    depth--
-                    if (depth == 0 && objectStart >= 0) {
-                        parseLoraEntryJson(json.substring(objectStart, i + 1))?.let { entries.add(it) }
-                        objectStart = -1
-                    }
-                }
+        if (json.isBlank() || json == "[]") return emptyList()
+        return try {
+            val array = JSONArray(json)
+            (0 until array.length()).mapNotNull { i ->
+                parseLoraEntryJson(array.getJSONObject(i))
             }
+        } catch (e: Exception) {
+            log(LogLevel.ERROR, "Failed to parse LoRA entry array JSON: ${e.message}")
+            emptyList()
         }
-        return entries
-    }
-
-    private fun extractString(json: String, key: String): String? {
-        val regex = Regex(""""$key"\s*:\s*"((?:[^"\\]|\\.)*)"""")
-        return regex.find(json)?.groupValues?.get(1)?.takeIf { it.isNotEmpty() }
-    }
-
-    private fun extractLong(json: String, key: String): Long {
-        val regex = Regex(""""$key"\s*:\s*(-?\d+)""")
-        return regex.find(json)?.groupValues?.get(1)?.toLongOrNull() ?: 0L
-    }
-
-    private fun extractFloat(json: String, key: String): Float {
-        val regex = Regex(""""$key"\s*:\s*(-?[\d.]+)""")
-        return regex.find(json)?.groupValues?.get(1)?.toFloatOrNull() ?: 0f
-    }
-
-    private fun extractStringArray(json: String, key: String): List<String> {
-        val keyMatch = Regex(""""$key"\s*:\s*\[""").find(json) ?: return emptyList()
-        val arrayStart = keyMatch.range.last + 1
-        var depth = 1; var pos = arrayStart
-        while (pos < json.length && depth > 0) {
-            when (json[pos]) { '[' -> depth++; ']' -> depth-- }; pos++
-        }
-        if (depth != 0) return emptyList()
-        val arrayContent = json.substring(arrayStart, pos - 1).trim()
-        if (arrayContent.isEmpty()) return emptyList()
-        return Regex(""""((?:[^"\\]|\\.)*)"""").findAll(arrayContent).map { it.groupValues[1] }.toList()
     }
 
     private enum class LogLevel { DEBUG, INFO, WARN, ERROR }