fix: bounds-check the IPC result before accessing. (electron#24041)

ckerr · web-flow · commit cbaaf6a34e28 · 2020-06-11T11:47:58.000-05:00
* fix: bounds-check the IPC result before accessing.

* fix: address feedback about safety checking JS too

* fix: address feedback: check JS array length, too.
diff --git a/lib/renderer/api/ipc-renderer.js b/lib/renderer/api/ipc-renderer.js
@@ -13,7 +13,11 @@ if (!ipcRenderer.send) {
   };
 
   ipcRenderer.sendSync = function (channel, ...args) {
-    return ipc.sendSync(internal, channel, args)[0];
+    const result = ipc.sendSync(internal, channel, args);
+    if (!Array.isArray(result) || result.length !== 1) {
+      throw new Error(`Unexpected return value from ipcRenderer.sendSync: ${result}`);
+    }
+    return result[0];
   };
 
   ipcRenderer.sendToHost = function (channel, ...args) {
diff --git a/shell/renderer/api/atom_api_renderer_ipc.cc b/shell/renderer/api/atom_api_renderer_ipc.cc
@@ -102,6 +102,10 @@ class IPCRenderer : public mate::Wrappable<IPCRenderer> {
 
     electron_browser_ptr_->MessageSync(internal, channel, std::move(arguments),
                                        &result);
+
+    if (!result.is_list() || result.GetList().empty())
+      return base::Value{};
+
     return std::move(result.GetList().at(0));
   }
 

Original file line number	Diff line number	Diff line change
`@@ -102,6 +102,10 @@ class IPCRenderer : public mate::Wrappable<IPCRenderer> {`
`102`	`102`
`103`	`103`	`electron_browser_ptr_->MessageSync(internal, channel, std::move(arguments),`
`104`	`104`	`&result);`
	`105`	`+`
	`106`	`+ if (!result.is_list() \|\| result.GetList().empty())`
	`107`	`+ return base::Value{};`
	`108`	`+`
`105`	`109`	`return std::move(result.GetList().at(0));`
`106`	`110`	`}`
`107`	`111`