Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid modification of user input data #1285

Merged
merged 6 commits into from
Dec 30, 2023

Conversation

ibc
Copy link
Member

@ibc ibc commented Dec 30, 2023

Fixes #1277

Details

Node

  • Ensure that user data given to public API functions is not internally modified (so clone it before using it).
  • Use proper utils.clone<T>(xxx) syntax everywhere.
  • Remove no longer needed functions in ortc.ts (unused since Flatbuffers migration).
  • Do not export unneeded functions in ortc.ts (keep them private).

Fixes #1277

### Details

**Node**

- Ensure that user data given to public API functions is not internally modified (so clone it before using it).
- Use proper `utils.clone<T>(xxx)` syntax everywhere.
- Remove no longer needed functions in `ortc.ts` (unused since Flatbuffers migration).
- Do not export unneeded functions in `ortc.ts` (keep them private).
node/src/Transport.ts Outdated Show resolved Hide resolved
Copy link
Collaborator

@nazar-pc nazar-pc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert all Rust changes, they are not idiomatic and not necessary.

Rust APIs should clearly specify what they need and not more. In this example functions already receive owned value of rtp_parameters that will be dropped at the end of the function because it will need an owned value and will be modifying it. All you're doing by cloning it is once more unnecessary allocation. If caller does have a spare value to give away, no extra allocation will be necessary with old API, if there isn't, the caller will have to do explicit clone. But getting value as an argument that you know will always be cloned is anti-pattern in Rust because it introduces unnecessary allocations that caller can't prevent.

Also it is not pretty to add cloned_ prefix or similar suffix to a variable in Rust. You can redefine variable name even with a different type if you need to in contrast to TypeScript.

@ibc
Copy link
Member Author

ibc commented Dec 30, 2023

If caller does have a spare value to give away, no extra allocation will be necessary with old API, if there isn't, the caller will have to do explicit clone. But getting value as an argument that you know will always be cloned is anti-pattern in Rust because it introduces unnecessary allocations that caller can't prevent.

Example:

  1. User defines media_codecs in a variable.
  2. User passes media_codecs to router1 = worker.create_router(media_codecs).
  3. media_codecs is internally modified by mediasoup. User doesn't know it.
  4. User passes same media_codecs variable to router2 = worker.create_router(media_codecs). At that time he is passing a modified media_codecs.
  5. Do we really want that?

Basically you are invalidating the whole purpose of this PR by arguing that the user should clone the data by himself if he doesn't want it to be potentially modified by mediasoup. I just don't get it.

@nazar-pc
Copy link
Collaborator

nazar-pc commented Dec 30, 2023

  1. User passes same media_codecs variable to router2 = worker.create_router(media_codecs). At that time he is passing a modified media_codecs.

Not possible, ownership of media_codecs will be transferred during the first call. You'll have to clone it during the first call or else it will not compile. This is not TypeScript and not C++.

@ibc
Copy link
Member Author

ibc commented Dec 30, 2023

ownership of media_codecs will be transferred during the first call

Ok, that solves it.

May I know how such a ownership transfer is declared in the code?

@nazar-pc
Copy link
Collaborator

nazar-pc commented Dec 30, 2023

May I know how such a ownership transfer is declared in the code?

If you specify a variable - you transfer ownership, if you want to give a reference to the data/borrow it, you use &foo or &mut foo explicitly.

@ibc ibc requested a review from nazar-pc December 30, 2023 15:27
@ibc
Copy link
Member Author

ibc commented Dec 30, 2023

Rust changes reverted.

Copy link
Collaborator

@nazar-pc nazar-pc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rust changes look fine to me 😂

@ibc
Copy link
Member Author

ibc commented Dec 30, 2023

Rust changes look fine to me 😂

Thanks, I had to investigate and learn a lot to write them properly.

@ibc ibc merged commit 90fff36 into v3 Dec 30, 2023
24 of 39 checks passed
@ibc ibc deleted the improve-ortc-and-avoid-input-data-modification branch December 30, 2023 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

Validation functions at ortc.ts file are modifying input data
3 participants