validate memory bounds

Always validate array and string bounds before accessing memory to prevent out-of-bounds access and potential crashes. When working with strings or arrays, especially those with known length information, check indices against the actual length before dereferencing pointers.

copy reviewer prompt

Prompt

Reviewer Prompt
Deploy Agent

Always validate array and string bounds before accessing memory to prevent out-of-bounds access and potential crashes. When working with strings or arrays, especially those with known length information, check indices against the actual length before dereferencing pointers.

Key practices:

  • Use available length information (like GoString.len) instead of relying on null terminators
  • Check array indices against length before access
  • Validate pointer bounds in loops and string operations

Example from the codebase:

// Before accessing pos[i], always check bounds
if (i >= src->len) {
    return ERR_INVAL;  // Handle out-of-bounds case
}

// In string comparison, use length-bounded operations
static int _strcmp(const char *p, const char *q, size_t max_len) {
    size_t i = 0;
    while (i < max_len && *p && *q && *p == *q) {
        p++; q++; i++;
    }
    // Safe comparison within bounds
}

This prevents accessing invalid memory addresses that could lead to undefined behavior, crashes, or security vulnerabilities.

Source discussions