Check that a CDR boolean is received as 0 or 1, if another value it i…

[jwillemsen]

…s an error

* ACE/ace/CDR_Stream.cpp:
* ACE/ace/CDR_Stream.inl:
* ACE/tests/CDR_Test.cpp:
* TAO/tao/AnyTypeCode/append.cpp:

Summary by CodeRabbit

• Bug Fixes

  • Improved error propagation and early exit when boolean values or boolean arrays are invalid, preventing silent failures.
  • Enhanced validation to reject corrupt boolean values and tightened character-path null checks for greater stability.

• Tests

  • Added tests covering invalid boolean values and boolean-array scenarios to ensure proper detection and handling.

• Refactor

  • Minor initialization and formatting cleanups to reduce indeterminate behavior.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Boolean deserialization now validates values (only 0 or 1), propagates failures immediately when reading boolean arrays, switches a translator null-check to nullptr, flips several array-success condition checks in type-append code, and adds tests that exercise invalid boolean octet values.

Changes

Cohort / File(s)	Summary
Core CDR reading logic ACE/ace/CDR_Stream.cpp, ACE/ace/CDR_Stream.inl	read_boolean_array now returns false on a failed element read (early exit). read_boolean updates good_bit_ to false for non-0/1 octets and returns false if the octet read fails. read_char uses nullptr for translator checks.
Tests ACE/tests/CDR_Test.cpp	Added boolean_test and boolean_array_test that write invalid boolean octet values (2) and assert subsequent reads fail; adjusted an existing boolean assertion to use logical negation.
Type conversion / append logic TAO/tao/AnyTypeCode/append.cpp	Initialized previously indeterminate buffer pointers to empty (buf {}) and changed array-read success checks from == 0 to !read_*_array(...) across many type handlers; minor call-formatting tweaks.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Inspect ACE/ace/CDR_Stream.inl read_boolean handling to ensure no regression for translator paths and correct good_bit_ semantics.
• Verify ACE/ace/CDR_Stream.cpp early-exit in read_boolean_array doesn't change expected behavior for partial reads or buffered state.
• Review the inverted array-read conditions in TAO/tao/AnyTypeCode/append.cpp for consistency with the CDR API return conventions.
• Run and inspect new tests in ACE/tests/CDR_Test.cpp and ensure CI covers both single-value and array scenarios.

Poem

🐇 I nibble bytes beneath the moon,

Only zeros and ones make me swoon,
If a stray two bounces into sight,
I thump the ground and call it trite,
Hop, hop — I guard the CDR night. 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly corresponds to the main objective: enforcing that CDR booleans must be 0 or 1, treating other values as errors. It accurately summarizes the primary change across all modified files.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

TAO/tao/AnyTypeCode/append.cpp (1)

659-801: Inconsistent error checking in TAO_Marshal_Sequence::append.

Only the boolean array check (Line 676) was updated to use !. The other array types (octet, char, short, etc.) at lines 665, 687, 698, 709, 720, 731, 742, 753, 764, 775, 786, 797 still use == 0 which incorrectly interprets false (failure) as success. This is inconsistent with the comprehensive fix applied to TAO_Marshal_Array::append.

Apply the same fix pattern to all array types in this function:

         case CORBA::tk_octet:
           {
             char* buf;
             if (dest->adjust (ACE_CDR::OCTET_SIZE * bounds,
                               ACE_CDR::OCTET_ALIGN, buf) == 0)
               {
-                if (src->read_octet_array ((ACE_CDR::Octet*)buf, bounds) == 0)
+                if (!src->read_octet_array ((ACE_CDR::Octet*)buf, bounds))
                   retval = TAO::TRAVERSE_STOP;
               }
           }
           break;

The same change should be applied to all the other array read checks (char, short, ushort, wchar, long, ulong, float, double, longlong, ulonglong, longdouble).

🧹 Nitpick comments (1)

ACE/tests/CDR_Test.cpp (1)

855-887: Well-structured test for invalid boolean detection.

The test correctly validates that:

1. A valid boolean (true) can be read successfully
2. An invalid value (2) written as an octet fails when read as a boolean

Minor: The comment on line 871 says "stream contains 3" but the code writes value 2. Consider updating the comment for accuracy:

   // Now try to extract the boolean, first should work, second should
-  // fail as the stream contains 3 which is a not valid value for a
+  // fail as the stream contains 2 which is not a valid value for a
   // boolean

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3abc747 and 7214dbe.

📒 Files selected for processing (4)

• ACE/ace/CDR_Stream.cpp (1 hunks)
• ACE/ace/CDR_Stream.inl (1 hunks)
• ACE/tests/CDR_Test.cpp (3 hunks)
• TAO/tao/AnyTypeCode/append.cpp (2 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-02-07T16:15:05.367Z

Learnt from: likema
Repo: DOCGroup/ACE_TAO PR: 870
File: ACE/ace/UNIX_Addr.cpp:0-0
Timestamp: 2025-02-07T16:15:05.367Z
Learning: The ACE_UNIX_Addr class in ACE/ace/UNIX_Addr.cpp supports abstract paths in Linux, where paths starting with '@' are treated specially by having their first character replaced with a null terminator in the sun_path field.

Applied to files:

• ACE/ace/CDR_Stream.inl

📚 Learning: 2025-07-10T08:08:10.966Z

Learnt from: jwillemsen
Repo: DOCGroup/ACE_TAO PR: 2424
File: TAO/orbsvcs/ImplRepo_Service/Locator_Loader.h:23-29
Timestamp: 2025-07-10T08:08:10.966Z
Learning: In ACE/TAO codebase, ACE_Shared_Object declares virtual init(int argc, ACE_TCHAR *argv[]) and virtual fini() methods. Classes that inherit from ACE_Shared_Object (directly or indirectly through ACE_Service_Object) should use the override specifier when overriding these methods.

Applied to files:

• ACE/ace/CDR_Stream.inl

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: ubuntu-24.04 g++
• GitHub Check: ubuntu-24.04 clang++-20 c++23
• GitHub Check: ubuntu-24.04 g++-13
• GitHub Check: ubuntu-22.04 clang++-12
• GitHub Check: macos-13-C++
• GitHub Check: VS2022Release64
• GitHub Check: ubuntu-24.04 g++-11
• GitHub Check: macos-14-C++
• GitHub Check: VS2022WChar
• GitHub Check: alpine-3.18
• GitHub Check: VS2022Release32
• GitHub Check: ubuntu-24.04 g++-12
• GitHub Check: VS2022Debug64
• GitHub Check: VS2022Debug64Cxx17
• GitHub Check: ubuntu-22.04 g++-10
• GitHub Check: VS2022Debug64Cxx20
• GitHub Check: VS2022Debug32
• GitHub Check: VS2022WChar
• GitHub Check: MINGW64-gcc
• GitHub Check: windows-2022 vs2022

🔇 Additional comments (8)

TAO/tao/AnyTypeCode/append.cpp (2)

676-677: Correct fix for boolean array read error checking.

The change from == 0 to ! properly checks for failure. The read_boolean_array method returns true on success and false on failure, so the previous == 0 check was inverted.

---

843-996: LGTM! Comprehensive and consistent fix for TAO_Marshal_Array::append.

All array type handlers are correctly updated with:

1. Explicit {} initialization for buffer pointers
2. Proper failure detection using ! instead of == 0

The changes correctly align with the boolean read semantics where true indicates success and false indicates failure.

ACE/ace/CDR_Stream.cpp (1)

1925-1932: LGTM! Proper error propagation for boolean array reads.

The change correctly propagates failures from read_boolean up to the caller. Since read_boolean now validates that values are strictly 0 or 1, encountering an invalid value will cause read_boolean_array to return false immediately, preventing partial reads and ensuring the stream state accurately reflects the error.

ACE/ace/CDR_Stream.inl (2)

748-762: LGTM! Core implementation of CORBA boolean validation.

The implementation correctly enforces that CDR booleans must be 0 or 1:

• Line 758's bitwise check !(tmp & ~1) efficiently validates that tmp has no bits set other than bit 0
• Setting good_bit_ to false when an invalid value is encountered properly marks the stream as invalid
• The function returns good_bit_ to propagate the validation result

This aligns with the CORBA specification requirement for boolean encoding.

---

764-772: Minor style improvement.

The change from == 0 to == nullptr is a modern C++ style improvement for null pointer comparison.

ACE/tests/CDR_Test.cpp (3)

760-762: LGTM! Consistent with new return semantics.

The change from == 0 to ! correctly aligns with the boolean convention where true indicates success.

---

889-921: Comprehensive test for boolean array validation.

The test effectively validates that an array containing an invalid boolean value (2) causes read_boolean_array to fail, verifying the error propagation from read_boolean through the array read.

---

1106-1110: Test invocations correctly placed.

Both boolean_test() and boolean_array_test() are invoked before the final success message, ensuring the new validation tests are executed as part of the test suite.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7214dbe and 68d64fb.

📒 Files selected for processing (2)

• ACE/tests/CDR_Test.cpp (3 hunks)
• TAO/tao/AnyTypeCode/append.cpp (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: macos-13-C++
• GitHub Check: ubuntu-24.04 g++-10 CodeQL
• GitHub Check: ubuntu-24.04 g++-10 CORBA/e micro
• GitHub Check: ubuntu-24.04 clang++-16
• GitHub Check: ubuntu-22.04 clang++-12
• GitHub Check: ubuntu-24.04 clang++-15
• GitHub Check: ubuntu-24.04 g++-13
• GitHub Check: ubuntu-22.04 g++-9
• GitHub Check: VS2022Debug64
• GitHub Check: VS2022Release32
• GitHub Check: VS2022Debug64Cxx20
• GitHub Check: VS2022WChar
• GitHub Check: VS2022Debug32
• GitHub Check: VS2022WChar
• GitHub Check: VS2022Release64
• GitHub Check: VS2022Debug64Cxx17
• GitHub Check: MINGW64-gcc
• GitHub Check: alpine-3.18
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: windows-2022 vs2022
• GitHub Check: ubuntu-24.04 g++

🔇 Additional comments (5)

TAO/tao/AnyTypeCode/append.cpp (2)

661-680: LGTM! Proper propagation of boolean array validation errors.

The buf {} initialization ensures the pointer starts as nullptr rather than indeterminate. The !src->read_boolean_array(...) check at line 676 will now correctly stop traversal when the underlying CDR stream detects invalid boolean values (anything other than 0 or 1), aligning with the PR objective.

---

854-864: LGTM! Consistent changes for array type handling.

The initialization and condition check changes in TAO_Marshal_Array::append mirror those in TAO_Marshal_Sequence::append, ensuring that invalid boolean array values are properly rejected during array append operations as well.

ACE/tests/CDR_Test.cpp (3)

760-762: LGTM! Consistent style for boolean return check.

The change from == 0 to ! is a stylistic improvement that aligns with how other boolean checks are written in this file and throughout the codebase.

---

855-887: LGTM! Good test coverage for invalid boolean validation.

This test correctly verifies that:

1. A valid boolean (true → 1) is read successfully
2. An invalid boolean value (2 written as octet) is rejected by read_boolean

The test structure is clear and the expected behavior aligns with the PR objective.

---

1106-1110: LGTM! Test invocations properly integrated.

The new boolean validation tests are correctly invoked in the test sequence before the final success message.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

ACE/tests/CDR_Test.cpp (1)

855-887: Consider clarifying the error message.

The test logic is correct: it verifies that read_boolean properly rejects invalid values (value 2). However, the error message at line 882 could be more explicit about what went wrong.

The current message "boolean_test bout2 failed %d" doesn't clearly convey that the test expected the read to fail but it succeeded. Consider:

-                        ACE_TEXT ("boolean_test bout2 failed %d\n"), bout2),
+                        ACE_TEXT ("boolean_test: read_boolean should have rejected invalid value but succeeded with %d\n"), bout2),

This makes it clearer that the test is checking for proper rejection of invalid boolean values.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 68d64fb and 71af1eb.

📒 Files selected for processing (1)

• ACE/tests/CDR_Test.cpp (3 hunks)

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-02-13T18:50:43.028Z

Learnt from: likema
Repo: DOCGroup/ACE_TAO PR: 2332
File: ACE/ace/Ping_Socket.cpp:227-232
Timestamp: 2025-02-13T18:50:43.028Z
Learning: In ACE framework's logging system (ACE_Log_Msg::log), `%b` is the correct format specifier for printing ssize_t values, not the standard C++ `%zd`.

Applied to files:

• ACE/tests/CDR_Test.cpp

📚 Learning: 2025-02-13T18:51:40.093Z

Learnt from: likema
Repo: DOCGroup/ACE_TAO PR: 2332
File: ACE/ace/Ping_Socket.cpp:270-277
Timestamp: 2025-02-13T18:51:40.093Z
Learning: In ACE_Log_Msg logging system, '%b' is the correct format specifier to print ssize_t values, not '%zd'.

Applied to files:

• ACE/tests/CDR_Test.cpp

📚 Learning: 2025-02-13T18:51:40.093Z

Learnt from: likema
Repo: DOCGroup/ACE_TAO PR: 2332
File: ACE/ace/Ping_Socket.cpp:270-277
Timestamp: 2025-02-13T18:51:40.093Z
Learning: In ACE_Log_Msg logging system, '%b' is the correct format specifier for ssize_t values, not '%zd'. This is a custom format specifier specific to ACE's logging system.

Applied to files:

• ACE/tests/CDR_Test.cpp

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: ubuntu-24.04 g++-10 wchar
• GitHub Check: ubuntu-24.04 clang++-14
• GitHub Check: ubuntu-24.04 g++-12
• GitHub Check: ubuntu-24.04 g++-11
• GitHub Check: ubuntu-22.04 g++-10
• GitHub Check: macos-14-C++
• GitHub Check: macos-13-C++
• GitHub Check: VS2022Release64
• GitHub Check: VS2022Debug64
• GitHub Check: VS2022WChar
• GitHub Check: VS2022Debug32
• GitHub Check: VS2022Release32
• GitHub Check: VS2022Debug64Cxx17
• GitHub Check: VS2022WChar
• GitHub Check: VS2022Debug64Cxx20
• GitHub Check: MINGW64-gcc
• GitHub Check: alpine-3.18
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: ubuntu-24.04 g++
• GitHub Check: windows-2022 vs2022

🔇 Additional comments (3)

ACE/tests/CDR_Test.cpp (3)

760-760: LGTM: Style improvement.

Using logical negation ! instead of explicit comparison with 0 is more idiomatic and improves readability.

---

889-921: LGTM: Effective test for boolean array validation.

This test properly verifies that read_boolean_array rejects arrays containing invalid boolean values (value 2 in position 1). The test logic is sound:

1. Valid array read succeeds
2. Array with invalid value correctly triggers failure

The error messages are clear and the past review feedback regarding format specifiers has been addressed.

---

1106-1110: LGTM: Test invocations are correctly integrated.

Both new test functions are properly called from run_main with appropriate error handling. The tests will execute as part of the standard CDR test suite.