From 75aa29cd682c7df48be8d031287f92dcba575770 Mon Sep 17 00:00:00 2001 From: Nick Bolton Date: Tue, 28 Apr 2026 12:22:06 +0100 Subject: [PATCH 1/2] docs: update collaboration notes with working style and GitHub Actions guidelines --- CLAUDE.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CLAUDE.md b/CLAUDE.md index 96fe80d1e..0f05c431a 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -1,5 +1,13 @@ # Synergy — collaboration notes +## Working style + +- **Never configure or build unless explicitly asked.** No `cmake`, `cmake --build`, `make`, `ninja`, etc. After code changes, stop at the edit and ask the user to build manually. + +## GitHub Actions + +- `matrix` context is NOT available in job-level `if` — the `if` runs before the matrix is expanded. Use step-level `if` conditions instead (e.g. set a `skip` output in a setup step and check it per-step). + ## Code style - Default to **no comments**. Only add one when the WHY is non-obvious — hidden constraints, subtle invariants, workarounds for specific bugs, behavior that would surprise a reader. Never add comments that explain WHAT or HOW (well-named identifiers do that). From 3d0ea11ef520a4cc5b6613924fc998df9ef823b4 Mon Sep 17 00:00:00 2001 From: Nick Bolton Date: Tue, 28 Apr 2026 12:23:11 +0100 Subject: [PATCH 2/2] fix: add error handling for truncated clipboard data in unmarshall function --- src/lib/deskflow/IClipboard.cpp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/lib/deskflow/IClipboard.cpp b/src/lib/deskflow/IClipboard.cpp index 02a044d5b..f0e7ee6e3 100644 --- a/src/lib/deskflow/IClipboard.cpp +++ b/src/lib/deskflow/IClipboard.cpp @@ -17,6 +17,7 @@ */ #include "deskflow/IClipboard.h" +#include "base/Log.h" #include "common/stdvector.h" // @@ -28,6 +29,7 @@ void IClipboard::unmarshall(IClipboard *clipboard, const String &data, Time time assert(clipboard != NULL); const char *index = data.data(); + const char *const end = index + data.size(); if (clipboard->open(time)) { // clear existing data @@ -35,10 +37,20 @@ void IClipboard::unmarshall(IClipboard *clipboard, const String &data, Time time // read the number of formats const UInt32 numFormats = readUInt32(index); + if (end - index < 4) { + LOG_ERR("clipboard unmarshall: truncated header"); + clipboard->close(); + return; + } index += 4; // read each format for (UInt32 i = 0; i < numFormats; ++i) { + // need 8 bytes for format id + payload size + if (end - index < 8) { + LOG_ERR("clipboard unmarshall: truncated format header at %u/%u", i, numFormats); + break; + } // get the format id IClipboard::EFormat format = static_cast(readUInt32(index)); index += 4; @@ -47,6 +59,12 @@ void IClipboard::unmarshall(IClipboard *clipboard, const String &data, Time time UInt32 size = readUInt32(index); index += 4; + // peer-supplied size must not exceed remaining buffer + if (size > static_cast(end - index)) { + LOG_ERR("clipboard unmarshall: payload size %u exceeds remaining %zd", size, end - index); + break; + } + // save the data if it's a known format. if either the client // or server supports more clipboard formats than the other // then one of them will get a format >= kNumFormats here.