PrivHelper: fix two [de]serialization bugs

MichaelCuevas · facebook-github-bot · commit 126a29caaf26 · 2025-06-24T18:47:02.000-07:00
Summary: # This diff Fixes some [de]serialization logic in the PrivHelper. The two bugs were: 1) We were previously [de]serializing some values as uint32_t instead of int32_t 2) We were returning an uint64_t when deserializing a uint32_t. This caused us to potentially "narrow"/truncate values when assigning the result to a variable that's smaller than uint64_t. I have convinced myself that this should be safe, since: 1) For problem #1, we don't use signed values anywhere, so the change from uint32_t to int32_t should be no-op. Additionally, all the values we use are sufficiently small such that uint32_t -> int32_t shouldn't cause overflow. 2) For problem #2, the deserialized values should always be <= MAX_UINT32 because we only accept uint32_t values when serializing. In addition, no users of the function currently expect a uint64_t to be returned (they all accidentally truncate the value). Therefore, the change to the type should be no-op. Reviewed By: genevievehelsel Differential Revision: D77240439 fbshipit-source-id: 90a4c49a1bde8428e4a4c50c5665c4889743eeaa
diff --git a/eden/fs/privhelper/PrivHelperConn.cpp b/eden/fs/privhelper/PrivHelperConn.cpp
@@ -129,10 +129,18 @@ void serializeUint32(Appender& a, uint64_t val) {
   a.write<uint32_t>(val);
 }
 
-uint64_t deserializeUint32(Cursor& cursor) {
+uint32_t deserializeUint32(Cursor& cursor) {
   return cursor.read<uint32_t>();
 }
 
+void serializeInt32(Appender& a, int32_t val) {
+  a.write<int32_t>(val);
+}
+
+int32_t deserializeInt32(Cursor& cursor) {
+  return cursor.read<int32_t>();
+}
+
 void serializeSocketAddress(Appender& a, const folly::SocketAddress& addr) {
   bool isInet = addr.isFamilyInet();
   serializeBool(a, isInet);
@@ -168,9 +176,9 @@ void serializeNFSMountOptions(Appender& a, const NFSMountOptions& options) {
   serializeUint32(a, options.writeIOSize);
   serializeOption(a, options.directoryReadSize);
   serializeUint8(a, options.readAheadSize);
-  serializeUint32(a, options.retransmitTimeoutTenthSeconds);
+  serializeInt32(a, options.retransmitTimeoutTenthSeconds);
   serializeUint32(a, options.retransmitAttempts);
-  serializeUint32(a, options.deadTimeoutSeconds);
+  serializeInt32(a, options.deadTimeoutSeconds);
   serializeOption(a, options.dumbtimer);
 }
 
@@ -186,9 +194,9 @@ NFSMountOptions deserializeNFSMountOptions(Cursor& cursor) {
   options.writeIOSize = deserializeUint32(cursor);
   options.directoryReadSize = deserializeOption<uint32_t>(cursor);
   options.readAheadSize = deserializeUint8(cursor);
-  options.retransmitTimeoutTenthSeconds = deserializeUint32(cursor);
+  options.retransmitTimeoutTenthSeconds = deserializeInt32(cursor);
   options.retransmitAttempts = deserializeUint32(cursor);
-  options.deadTimeoutSeconds = deserializeUint32(cursor);
+  options.deadTimeoutSeconds = deserializeInt32(cursor);
   options.dumbtimer = deserializeOption<bool>(cursor);
   return options;
 }
