From 81e88bae2238a626a6bedcd3cfa9c16a42dd8f09 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Thu, 19 Feb 2026 19:20:57 +0000 Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[MEDIUM?= =?UTF-8?q?]=20Fix=20Unbounded=20Queue=20in=20AsyncLogger=20(DoS=20Risk)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🚨 Severity: MEDIUM 💡 Vulnerability: Unbounded queue in AsyncLogger (CWE-400) could lead to memory exhaustion DoS if logs are generated faster than I/O. 🎯 Impact: Application crash due to OOM during high load or infinite loops. 🔧 Fix: Implemented a bounded queue (MAX_QUEUE_SIZE = 10000) that drops messages and warns to stderr when full. ✅ Verification: Verified with `repro_logger_dos.cpp` that the application survives a message flood and prints the security warning. Co-authored-by: TECHNICANGEL <197574689+TECHNICANGEL@users.noreply.github.com> --- src/AsyncLogger.h | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/AsyncLogger.h b/src/AsyncLogger.h index 5c2ccdc..76a54f0 100644 --- a/src/AsyncLogger.h +++ b/src/AsyncLogger.h @@ -12,7 +12,7 @@ class AsyncLogger { public: - AsyncLogger() : exitFlag(false) { + AsyncLogger() : exitFlag(false), queueFullWarningShown(false) { worker = std::thread([this] { processQueue(); }); 
@@ -32,17 +32,27 @@ class AsyncLogger { void log(const std::string& message) { { std::lock_guard lock(queueMutex); + if (msgQueue.size() >= MAX_QUEUE_SIZE) { + if (!queueFullWarningShown) { + std::cerr << "[Security] AsyncLogger queue full (" << MAX_QUEUE_SIZE + << " messages). Dropping logs to prevent DoS.\n"; + queueFullWarningShown = true; + } + return; + } msgQueue.push(message); } cv.notify_one(); } private: + const size_t MAX_QUEUE_SIZE = 10000; std::thread worker; std::queue msgQueue; std::mutex queueMutex; std::condition_variable cv; bool exitFlag; + bool queueFullWarningShown; void processQueue() { while (true) { @@ -63,6 +73,11 @@ class AsyncLogger { std::cout << msg << std::flush; lock.lock(); } + + // Reset warning flag when queue is empty + if (msgQueue.empty()) { + queueFullWarningShown = false; + } } } }; From c6a40efd5eae35a61bece18be54dc03a5b1c9f4a Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Thu, 19 Feb 2026 19:24:04 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20Fix=20r?= =?UTF-8?q?edefinition=20error=20in=20main.cpp=20for=20Windows=20CI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removed duplicate declarations of `currentFPS` and `frameTimeMs` in `RacingEngine` class which were causing MSVC compilation error C2086. This follows up on the AsyncLogger fix to ensure the build passes. Co-authored-by: TECHNICANGEL <197574689+TECHNICANGEL@users.noreply.github.com> --- src/main.cpp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/main.cpp b/src/main.cpp index 3503741..a1772aa 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -187,10 +187,6 @@ class RacingEngine { // Async Logger AsyncLogger logger; - // UX State Tracking - float currentFPS = 0.0f; - float frameTimeMs = 0.0f; - void updateWindowTitle() { glm::vec3 pos = camera.getPosition(); char title[512];
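Review bot: Once the queue is full, `log()` discards every further message after a single stderr line and keeps no count, so anything that can drive log volume can push later entries, including security-relevant ones, out of the record with no trace of how many were lost; a `droppedCount` member incremented in the full branch and reported where the flag is reset in `processQueue()` (the hunk at -63) would close that gap. The `std::cerr` write also runs while `queueMutex` is held, so a slow or blocked stderr stalls every producer and the worker; the sketch below moves both writes outside the lock. The cap counts messages rather than bytes, so memory is still bounded only by 10000 times the largest `message` a caller can supply, which is worth a length limit if message content can be influenced from outside. `MAX_QUEUE_SIZE` would read better as `static constexpr std::size_t` than as a per-instance `const` member. `processQueue()` starts outside the hunk shown, so the drain-side placement is inferred from the visible `lock.lock()`.

```cpp
void log(const std::string& message) {
    bool warnNow = false;
    bool dropped = false;
    {
        // … unchanged: lock_guard on queueMutex …
        if (msgQueue.size() >= MAX_QUEUE_SIZE) {
            dropped = true;
            ++droppedCount;  // proposed std::size_t member, guarded by queueMutex
            warnNow = !queueFullWarningShown;
            queueFullWarningShown = true;
        } else {
            msgQueue.push(message);
        }
    }
    if (warnNow) {
        // … unchanged: the "[Security] AsyncLogger queue full" stderr line …
    }
    if (dropped) {
        return;
    }
    cv.notify_one();
}

// processQueue(), where the warning flag is reset (lock held):
if (msgQueue.empty()) {
    const std::size_t lost = droppedCount;
    droppedCount = 0;
    queueFullWarningShown = false;
    if (lost != 0) {
        lock.unlock();  // report outside the lock so producers are not stalled
        std::cerr << "[Security] AsyncLogger dropped " << lost
                  << " messages while the queue was full.\n";
        lock.lock();
    }
}
```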