Skip to content

πŸ›‘οΈ Sentinel: [MEDIUM] Fix Unbounded Queue in AsyncLogger (DoS Risk)#105

Closed
TECHNICANGEL wants to merge 2 commits intomasterfrom
sentinel-async-logger-dos-fix-1605893467452341648
Closed

πŸ›‘οΈ Sentinel: [MEDIUM] Fix Unbounded Queue in AsyncLogger (DoS Risk)#105
TECHNICANGEL wants to merge 2 commits intomasterfrom
sentinel-async-logger-dos-fix-1605893467452341648

Conversation

@TECHNICANGEL
Copy link
Owner

@TECHNICANGEL TECHNICANGEL commented Feb 19, 2026

This PR addresses a potential Denial of Service (DoS) vulnerability in the AsyncLogger class where the message queue was unbounded.

Changes:

  • Added MAX_QUEUE_SIZE = 10000 constant to AsyncLogger.h.
  • Modified log() method to check queue size before pushing.
  • Implemented logic to drop messages when the queue is full.
  • Added a rate-limited warning to std::cerr (prints once until queue drains) to alert developers of the overflow condition without flooding logs.

Verification:

  • Created a reproduction test case repro_logger_dos.cpp that pushed 20,000 messages.
  • Confirmed that the test completed successfully (no crash).
  • Confirmed that the warning [Security] AsyncLogger queue full (10000 messages). Dropping logs to prevent DoS. was printed to stderr.
  • Confirmed that the warning mechanism resets correctly when the queue empties.

PR created automatically by Jules for task 1605893467452341648 started by @TECHNICANGEL

@google-labs-jules @TECHNICANGEL
πŸ›‘οΈ Sentinel: [MEDIUM] Fix Unbounded Queue in AsyncLogger (DoS Risk)
81e88ba 
🚨 Severity: MEDIUM
πŸ’‘ Vulnerability: Unbounded queue in AsyncLogger (CWE-400) could lead to memory exhaustion DoS if logs are generated faster than I/O.
🎯 Impact: Application crash due to OOM during high load or infinite loops.
πŸ”§ Fix: Implemented a bounded queue (MAX_QUEUE_SIZE = 10000) that drops messages and warns to stderr when full.
βœ… Verification: Verified with `repro_logger_dos.cpp` that the application survives a message flood and prints the security warning.

Co-authored-by: TECHNICANGEL <197574689+TECHNICANGEL@users.noreply.github.com>
@google-labs-jules
Copy link

google-labs-jules bot commented Feb 19, 2026

πŸ‘‹ Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a πŸ‘€ emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

@google-labs-jules @TECHNICANGEL
πŸ›‘οΈ Sentinel: Fix redefinition error in main.cpp for Windows CI
c6a40ef 
Removed duplicate declarations of `currentFPS` and `frameTimeMs` in `RacingEngine` class which were causing MSVC compilation error C2086.
This follows up on the AsyncLogger fix to ensure the build passes.

Co-authored-by: TECHNICANGEL <197574689+TECHNICANGEL@users.noreply.github.com>
@TECHNICANGEL TECHNICANGEL deleted the sentinel-async-logger-dos-fix-1605893467452341648 branch February 23, 2026 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TECHNICANGEL