SVSim/SVSimServer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(battle-node): SocketIoFrame disposal safety + escaping + empty-args encoding

Browse Source 
- Wrap all JsonDocument.Parse calls in using blocks and Clone() each
  retained JsonElement to eliminate UAF hazard after GC.
- Use JsonSerializer.Serialize with UnsafeRelaxedJsonEscaping so event
  names with " or \ produce \" / \ rather than " / plain \;
  avoids malformed JSON on Encode().
- Guard the [ ] block in Encode() behind EventName-or-args check so
  Connect/Disconnect packets round-trip as bare "0"/"1" not "0[]".
- Add three regression tests: Connect no-bracket, Event round-trip,
  special-char event name escaping.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
gamer147
2026-05-31 21:46:02 -04:00
parent 8b1f613407
commit 6ff4f70f1a
2 changed files with 73 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
SVSim.UnitTests/BattleNode/Wire/SocketIoFrameTests.cs
View File

@@ -85,4 +85,34 @@ public class SocketIoFrameTests
var header = SocketIoFrame.Parse("51-[\"msg\",{\"_placeholder\":true,\"num\":0}]");
Assert.Throws<ArgumentException>(() => header.WithAttachments(Array.Empty<byte[]>()));
}
[Test]
public void Encode_ConnectPacket_HasNoBracketedArgs()
{
// Regression for an earlier bug where Encode always emitted "[]".
var frame = SocketIoFrame.Parse("0");
var (text, bins) = frame.Encode();
Assert.That(text, Is.EqualTo("0"));
Assert.That(bins, Is.Empty);
}
[Test]
public void ParseThenEncode_EventWithAck_RoundTripsByteForByte()
{
const string wire = "27[\"msg\",42]";
var frame = SocketIoFrame.Parse(wire);
var (text, _) = frame.Encode();
Assert.That(text, Is.EqualTo(wire));
}
[Test]
public void Encode_EventNameWithSpecialChars_IsJsonEscaped()
{
var frame = SocketIoFrame.BinaryEventWithAttachments(
eventName: "weird \"name\" with \\ backslash",
attachments: new[] { new byte[] { 0x00 } });
var (text, _) = frame.Encode();
// The event name must be JSON-escaped: each " becomes \", and the literal \ becomes \\.
Assert.That(text, Does.Contain("\"weird \\\"name\\\" with \\\\ backslash\""));
}
}