in_tcp: Prevent truncation on incoming payloads

[cosmo0920]

There's type glitches for int, size_t, ssize_t on in_tcp.
So, we need to tidy up the usages and tighten the boundary of incoming payloads.

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• Example configuration file for the change
• Debug log output from testing the change

• Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• Documentation required for this feature

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• Bug Fixes

  • Improved input validation and explicit bounds checking for TCP payload handling to prevent invalid lengths and errors.
  • Guarded log emission to avoid spurious logs on empty outputs.
  • Strengthened error handling and state reset for invalid or reinitialized JSON payloads to avoid processing failures.

• Tests

  • Added test coverage and a verifier for processing very large records in TCP input to validate large-payload handling.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4abaa058-d139-4852-ab1d-b2130acbb150

📥 Commits

Reviewing files that changed from the base of the PR and between 5bcdc52 and 5e89f38.

📒 Files selected for processing (2)

• plugins/in_tcp/tcp_conn.c
• tests/runtime/in_tcp.c

---

📝 Walkthrough

Walkthrough

Tightened size/type safety and payload validation in TCP connection parsing and consumption; guarded log emission when output is empty; added a thread-safe large-record test for the "format none" path to verify handling of very large payloads.

Changes

Cohort / File(s)	Summary
TCP connection parsing & consumption plugins/in_tcp/tcp_conn.c	Changed byte/length parameters to size_t where appropriate, added guards for zero or out-of-bounds sizes before consuming/moving data, validated out_size before casting, guarded log emission on output_length > 0, and added explicit error handling and JSON pack-state reset on invalid payload lengths.
Runtime tests — large-record verifier tests/runtime/in_tcp.c	Added test_log_verifier with thread-safe helpers, strengthened cb_count_msgpack input checks, added cb_check_large_record_msgpack, and introduced flb_test_format_none_large_record to send and verify a single very large payload for "format none".

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

backport to v4.2.x

Suggested reviewers

• edsiper
• koleini

Poem

🐰 I nibble bytes with gentle care,
Size_t shields keep data fair,
Guards in place, logs only when seen,
Big records pass — tidy and clean,
Hooray for safe TCP, hop-hop! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 38.46% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main change: preventing truncation on incoming payloads by fixing type mismatches and tightening boundary handling in the in_tcp plugin.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cosmo0920-prevent-truncation-on-in_tcp

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/in_tcp/tcp_conn.c`:
- Around line 378-385: The JSON consume-length error handling branch currently
clears conn->buf_len but leaves conn->pack_state unchanged; update the branch
handling ret_payload < 0 || ret_payload > conn->buf_len to also reset the parser
state (the same way the ret_payload == -1 path does) so stale parser state from
parse_payload_json() isn't reused on the next read; locate the block around the
check for ret_payload and add a reset/initialization of conn->pack_state (or
call the existing pack_state reset helper used elsewhere) before setting ret =
-1 and goto cleanup to mirror the other error path.

In `@tests/runtime/in_tcp.c`:
- Around line 652-706: The test only uses cb_count_msgpack and get_output_num to
assert one output, which misses payload truncation; change the test to inspect
the emitted record(s) payload content and length instead of only counting.
Replace or augment cb_count_msgpack usage by capturing the actual emitted
msgpack in the test callback (or use an existing callback that returns the
record data), then after flb_time_msleep(1500) decode the single output and
assert the "log" field length equals payload_size+1 and its bytes match buf (use
ctx->cb_data or the callback storage created via test_ctx_create/cb_data to
retrieve the raw emitted message); keep the existing connectivity and send loop
but assert content/length equality rather than num == 1.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ef9198d0-e4ba-4944-ba0f-f78dc92dbf13

📥 Commits

Reviewing files that changed from the base of the PR and between a1d9c2a and 04594cc.

📒 Files selected for processing (2)

• plugins/in_tcp/tcp_conn.c
• tests/runtime/in_tcp.c

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/in_tcp/tcp_conn.c`:
- Around line 383-387: The recovery path reinitializes JSON parser state but
ignores flb_pack_state_init() failure; update the block that runs when
ctx->format == FLB_TCP_FMT_JSON to check the return value of
flb_pack_state_init(&conn->pack_state) and handle allocation failure (e.g., log
error via the plugin logger, free/reset any partially initialized state, mark
the connection for close or return an error so it won't be reused). Ensure you
still set conn->pack_state.multiple = FLB_TRUE only after a successful init and
keep the flb_pack_state_reset(&conn->pack_state) call as part of cleanup on
failure to avoid leaving a broken pack_state.
- Around line 185-193: process_pack() failures are not propagated: check the
return value of process_pack(conn, pack, (size_t) out_size) and if it indicates
an error, free pack and return -1 immediately instead of proceeding to use
conn->pack_state.last_byte; only set/use processed = conn->pack_state.last_byte
and validate it after a successful process_pack call so tcp_conn_event() does
not discard payloads when encoding/appending failed.

In `@tests/runtime/in_tcp.c`:
- Around line 833-835: verifier.expected points into buf and the lib output
callback is asynchronous, so do not free buf before tearing down the engine;
move the flb_free(buf) call to after test_ctx_destroy(ctx) (you can still close
the socket with flb_socket_close(fd) before teardown), ensuring buf remains
valid until test_ctx_destroy completes and then free it.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1e89165a-8bc2-4ab4-8f0b-3ca29f1f2705

📥 Commits

Reviewing files that changed from the base of the PR and between 04594cc and 5bcdc52.

📒 Files selected for processing (2)

• plugins/in_tcp/tcp_conn.c
• tests/runtime/in_tcp.c