Skip to content

Fix panic in DTX readEntry on truncated auxiliary data #649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
aluedeke wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Fix panic in DTX readEntry on truncated auxiliary data #649

aluedeke wants to merge 5 commits into from

Conversation

@aluedeke
Copy link
Collaborator

@aluedeke aluedeke commented Nov 28, 2025

Summary

Fixes a panic in readEntry() in dtxprimitivedictionary.go that occurs when the auxiliary payload is empty or shorter than expected.

Problem

The readEntry() function directly calls binary.LittleEndian.Uint32() without checking whether the input slice has at least 4 bytes. When the auxiliary payload is empty or truncated, this causes an out-of-range panic:

goroutine 3495138 [running]:
encoding/binary.littleEndian.Uint32(...)
    /opt/homebrew/Cellar/go/1.24.5/libexec/src/encoding/binary/binary.go:91
github.com/danielpaulus/go-ios/ios/dtx_codec.readEntry(...)
    .../dtxprimitivedictionary.go:181 +0x38c

Solution

  • readEntry() now returns an error instead of panicking
  • Added bounds checking before all slice accesses:
    • Check for at least 4 bytes before reading the type
    • Check for at least 8 bytes before reading uint32 values
    • Check for at least 12 bytes before reading int64 values
    • Check for sufficient bytes before reading variable-length data
  • DecodeAuxiliary() handles errors gracefully with warnings instead of crashing
  • Removed unused isNSKeyedArchiverEncoded function

Test plan

  • Build succeeds
  • Existing functionality preserved for valid data
  • Graceful handling of truncated/empty auxiliary payloads

Fixes #646

🤖 Generated with Claude Code

@aluedeke @claude
Fix panic in DTX readEntry on truncated auxiliary data
6e23d0a 
Added bounds checking to readEntry() to prevent panics when auxiliary
payload is empty or shorter than expected. The function now returns an
error instead of panicking, and DecodeAuxiliary handles errors gracefully.

Changes:
- readEntry() now returns error instead of panicking
- Added length checks before all slice accesses
- DecodeAuxiliary() loop terminates safely on insufficient data
- Removed unused isNSKeyedArchiverEncoded function

Fixes #646

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@aluedeke
Copy link
Collaborator Author

aluedeke commented Nov 28, 2025

@aa645508087 are you able to test this version and provide feedback?

@aa645508087
Copy link

aa645508087 commented Nov 28, 2025

@aluedeke Thanks for the fix! I’ll run verification on my side using multiple iPhones for a synchronized WDA stress test over an extended period. I’ll need about 1–2 days to complete the validation and will update you with the results.

@aa645508087
Copy link

aa645508087 commented Dec 1, 2025

@aluedeke
Thanks for the fix!
I’ve verified the patch by running six iOS devices in parallel with WDA for 24 hours, and there were no panics during the entire run. The issue looks fully resolved.

Great work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gmegidish gmegidish Awaiting requested review from gmegidish

@danielpaulus danielpaulus Awaiting requested review from danielpaulus

@dmissmann dmissmann Awaiting requested review from dmissmann

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

panic: runtime error: index out of range

4 participants

@aluedeke @aa645508087 @gmegidish