Merge pull request #279 from mairinkdev/main

Fix silent buffer size truncation in Windows pread/pwrite

Author: glessard

Sources/System/Errno.swift

@@ -160,7 +160,7 @@ public struct Errno: RawRepresentable, Error, Hashable, Codable {
   /// No child processes.
   ///
   /// A `wait(2)` or `waitpid(2)` function was executed
-  /// by a process that dosn't have any existing child processes
+  /// by a process that doesn't have any existing child processes
   /// or whose child processes are all already being waited for.
   ///
   /// The corresponding C error is `ECHILD`.

Sources/System/Internals/WindowsSyscallAdapters.swift

@@ -149,6 +149,12 @@ internal func pread(
   let handle: intptr_t = _get_osfhandle(fd)
   if handle == /* INVALID_HANDLE_VALUE */ -1 { ucrt._set_errno(EBADF); return -1 }
 
+  // Windows ReadFile accepts DWORD (32-bit) for buffer size, so validate nbyte doesn't exceed it
+  if nbyte > Int(DWORD.max) {
+    ucrt._set_errno(EINVAL)
+    return -1
+  }
+
   // NOTE: this is a non-owning handle, do *not* call CloseHandle on it
   let hFile: HANDLE = HANDLE(bitPattern: handle)!
 
@@ -171,6 +177,12 @@ internal func pwrite(
   let handle: intptr_t = _get_osfhandle(fd)
   if handle == /* INVALID_HANDLE_VALUE */ -1 { ucrt._set_errno(EBADF); return -1 }
 
+  // Windows WriteFile accepts DWORD (32-bit) for buffer size, so validate nbyte doesn't exceed it
+  if nbyte > Int(DWORD.max) {
+    ucrt._set_errno(EINVAL)
+    return -1
+  }
+
   // NOTE: this is a non-owning handle, do *not* call CloseHandle on it
   let hFile: HANDLE = HANDLE(bitPattern: handle)!
 

Tests/SystemTests/FileOperationsTestWindows.swift

@@ -242,6 +242,53 @@ final class FileOperationsTestWindows: XCTestCase {
       }
     }
   }
+
+  /// Test that buffer sizes exceeding DWORD.max (4GB) are properly rejected
+  func testBufferSizeLimit() throws {
+    try withTemporaryFilePath(basename: "testBufferSizeLimit") { path in
+      let fd = try FileDescriptor.open(
+        path.appending("test.txt"),
+        .readWrite,
+        options: [.create, .truncate],
+        permissions: .ownerReadWrite
+      )
+      defer { try? fd.close() }
+
+      // Write some data first
+      try fd.writeAll("test data".utf8)
+
+      // Allocate a small buffer for testing
+      let buffer = UnsafeMutableRawBufferPointer.allocate(byteCount: 1024, alignment: 1)
+      defer { buffer.deallocate() }
+
+      // Test that a count exceeding DWORD.max (UInt32.max = 4,294,967,295) returns EINVAL
+      // We use a buffer pointer but pass a count > DWORD.max
+      let oversizedCount = Int(DWORD.max) + 1
+      let oversizedBuffer = UnsafeMutableRawBufferPointer(
+        start: buffer.baseAddress,
+        count: oversizedCount
+      )
+
+      // pread should fail with EINVAL
+      do {
+        _ = try fd.read(fromAbsoluteOffset: 0, into: oversizedBuffer)
+        XCTFail("Expected EINVAL for buffer size exceeding DWORD.max")
+      } catch let err as Errno {
+        XCTAssertEqual(err, .invalidArgument, "Expected EINVAL, got \(err)")
+      }
+
+      // pwrite should also fail with EINVAL
+      do {
+        _ = try fd.write(toAbsoluteOffset: 0, UnsafeRawBufferPointer(oversizedBuffer))
+        XCTFail("Expected EINVAL for buffer size exceeding DWORD.max")
+      } catch let err as Errno {
+        XCTAssertEqual(err, .invalidArgument, "Expected EINVAL, got \(err)")
+      }
+
+      // Verify that exactly DWORD.max works (if we had a buffer that large)
+      // We can't easily test this without allocating 4GB, but the boundary is correct
+    }
+  }
 }
 
 #endif // os(Windows)