Merge branch 'main' of https://github.com/nanoframework/nf-interpreter

Author: actions-user

src/CLR/Core/CLR_RT_HeapBlock_Array.cpp

@@ -322,6 +322,20 @@ HRESULT CLR_RT_HeapBlock_Array::Copy(
             dataSrc += indexSrc * sizeElem;
             dataDst += indexDst * sizeElem;
 
+#if !defined(BUILD_RTM)
+            // Validate pointers and memory ranges
+            if (dataSrc == nullptr || dataDst == nullptr ||
+                dataSrc + length * sizeElem > arraySrc->GetFirstElement() + arraySrc->m_numOfElements * sizeElem ||
+                dataDst + length * sizeElem > arrayDst->GetFirstElement() + arrayDst->m_numOfElements * sizeElem)
+            {
+#ifdef DEBUG
+                _ASSERTE(FALSE);
+#endif
+
+                NANOCLR_SET_AND_LEAVE(CLR_E_OUT_OF_RANGE);
+            }
+#endif
+
             if (!arraySrc->m_fReference)
             {
                 memmove(dataDst, dataSrc, length * sizeElem);

src/CLR/Core/GarbageCollector_Compaction.cpp

@@ -256,6 +256,16 @@ void CLR_RT_GarbageCollector::Heap_Compact()
 
                     freeRegion->Unlink();
 
+#ifdef _DEBUG
+
+                    _ASSERTE(relocCurrent->m_destination >= (CLR_UINT8 *)g_CLR_RT_ExecutionEngine.m_heap.FirstNode());
+                    _ASSERTE(relocCurrent->m_destination < (CLR_UINT8 *)g_CLR_RT_ExecutionEngine.m_heap.LastNode());
+                    _ASSERTE(relocCurrent->m_start >= (CLR_UINT8 *)g_CLR_RT_ExecutionEngine.m_heap.FirstNode());
+                    _ASSERTE(relocCurrent->m_start < (CLR_UINT8 *)g_CLR_RT_ExecutionEngine.m_heap.LastNode());
+                    _ASSERTE(moveBytes <= freeRegion_Size);
+
+#endif
+
                     memmove(relocCurrent->m_destination, relocCurrent->m_start, moveBytes);
 
                     if (freeRegion_Size)

src/CLR/WireProtocol/WireProtocol_Message.c

@@ -62,12 +62,7 @@ bool IsMarkerMatched(void *header, const void *marker, size_t len)
     return memcmp(header, marker, len) == 0;
 }
 
-void ShiftBufferToLeft(void *buffer, uint32_t len)
-{
-    memmove((uint8_t *)buffer, ((uint8_t *)buffer + 1), len - 1);
-}
-
-void SyncToMessageStart()
+bool SyncToMessageStart()
 {
     uint32_t len;
 
@@ -88,16 +83,33 @@ void SyncToMessageStart()
             break;
         }
 
-        ShiftBufferToLeft(&_inboundMessage.m_header, len);
+        // Calculate the source and destination pointers
+        uint8_t *src = (uint8_t *)&_inboundMessage.m_header + 1;
+        uint8_t *dst = (uint8_t *)&_inboundMessage.m_header;
+        size_t moveLength = len - 1;
 
-        // update pointer and expected size
+        // Ensure that the memory regions do not exceed allocated bounds
+        if ((src + moveLength >= (uint8_t *)&_inboundMessage + sizeof(_inboundMessage)) ||
+            (dst + moveLength >= (uint8_t *)&_inboundMessage + sizeof(_inboundMessage)))
+        {
+            return false;
+        }
+
+        // Perform the memory move
+        memmove(dst, src, moveLength);
+
+        // Update pointer and expected size
         _pos--;
         _size++;
 
-        // sanity checks
-        _ASSERTE(_size <= sizeof(_inboundMessage.m_header));
-        _ASSERTE(_pos >= (uint8_t *)&(_inboundMessage.m_header));
+        // Sanity checks
+        if (_size > sizeof(_inboundMessage.m_header) || _pos < (uint8_t *)&_inboundMessage.m_header)
+        {
+            return false;
+        }
     }
+
+    return true;
 }
 
 void WP_ReplyToCommand(WP_Message *message, uint8_t fSuccess, uint8_t fCritical, void *ptr, uint32_t size)
@@ -357,7 +369,16 @@ void WP_Message_Process()
                     }
                 }
 
-                SyncToMessageStart();
+                if (!SyncToMessageStart())
+                {
+                    // something went wrong
+                    TRACE0(TRACE_ERRORS, "RxError: Failed to sync to message start\n");
+
+                    RestartStateMachine();
+
+                    // exit the loop to allow other RTOS threads to run
+                    return;
+                }
 
                 if (len >= sizeof(_inboundMessage.m_header.m_signature))
                 {