OK, AFAICT there is no bounds checking. When you want to read a message, you give FlatBuffers a bare pointer to the start of the message -- no size. So you can't use this to read data you don't trust I guess.
Which is an OK trade-off for certain situations (like reading your game data from disk). But... not for any kind of secure network protocol.
Maybe I'm missing something, though. I've only been looking at this for a few minutes.
> Most readers of binary file formats can be made to read memory outside the buffer by corrupting the data
I'm pretty sure that would be considered a serious security bug for any format likely to be displayed in a web browser. For instance, an image format with such a bug would allow you to implement a heartbleed-like attack on a user's browser by displaying a malicious image and then reading back the pixel values. That would be very, very bad.
But I can believe that your statement applies to formats used by games for their own assets, where those assets come directly from the game developer.
> OK, AFAICT there is no bounds checking. When you want to read a message, you give FlatBuffers a bare pointer to the start of the message -- no size. So you can't use this to read data you don't trust I guess.
I think the key use case for FlatBuffers is mostly for very-high-performance communication between a set of processes that you control to scale out high-performance systems into distributed systems while keeping the communication overhead minimal, not for, e.g., communicating between untrusted machines over a public network. So, I don't see that as a huge problem in the key use case.
Would be a bad tradeoff even for trusted on-disk data, since disks are so glacially slow and serialization systems always run into bad data from time to time (due to fs data corruption, io errors, memory corrupting bugs, etc).
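The difference the thread is arguing about, as an added example that is not part of any post above and is not FlatBuffers code: a reader that takes a bare pointer and trusts offsets and lengths found in the data, next to one that is given the buffer size and rejects anything pointing outside it. The byte layout, function names and sample buffers are constructed for illustration and are not the FlatBuffers wire format or API.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy layout (constructed, NOT the FlatBuffers wire format), little-endian:
 *   [u32 offset of string record] ... [u32 len][len payload bytes]        */
static uint32_t rd_u32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bare-pointer style: no size is known, so every offset and length in the
 * data is trusted. Corrupt input makes the caller read unrelated memory. */
const uint8_t *get_str_unchecked(const uint8_t *buf, uint32_t *len) {
    const uint8_t *rec = buf + rd_u32(buf); /* may point anywhere */
    *len = rd_u32(rec);                     /* may claim any length */
    return rec + 4;
}

/* Size-aware style: each field is shown to lie inside [buf, buf + size)
 * before it is read. Subtractions are ordered so nothing can wrap. */
int get_str_checked(const uint8_t *buf, size_t size,
                    const uint8_t **out, uint32_t *len) {
    if (size < 4) return -1;                 /* no room for the offset */
    uint32_t off = rd_u32(buf);
    if (off > size - 4) return -1;           /* length word must fit */
    uint32_t n = rd_u32(buf + off);
    if (n > size - 4 - off) return -1;       /* payload must fit */
    *out = buf + off + 4;
    *len = n;
    return 0;
}

/* Constructed sample messages. */
const uint8_t GOOD[]    = {4, 0, 0, 0,  2, 0, 0, 0,  'h', 'i'};
const uint8_t BAD_LEN[] = {4, 0, 0, 0,  0xff, 0xff, 0, 0,  'h', 'i'};
const uint8_t BAD_OFF[] = {0, 0x10, 0, 0,  2, 0, 0, 0,  'h', 'i'};

int check_sample(const uint8_t *buf, size_t size) {
    const uint8_t *s; uint32_t n;
    return get_str_checked(buf, size, &s, &n);
}

int main(void) {
    printf("good=%d bad_len=%d bad_off=%d\n",
           check_sample(GOOD, sizeof GOOD),
           check_sample(BAD_LEN, sizeof BAD_LEN),
           check_sample(BAD_OFF, sizeof BAD_OFF));
    return 0;
}
```

The unchecked reader is only safe to call on `GOOD`; on the other two buffers it would return a pointer or length outside the message, which is the over-read discussed above.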