in_forward: validate array size before accessing message mode fields

[TristanInSec]

The forward protocol parser accesses root.via.array.ptr[2] when the
second element is a positive integer or EXT type (message mode), but
only checks that the array has at least 2 elements. A 2-element array
[tag, integer] passes the size check but causes an out-of-bounds heap
read when accessing index 2.

Add a size >= 3 check before the message mode branch.

Summary by CodeRabbit

• Bug Fixes
  • Improved message validation and error handling to gracefully detect and reject malformed or too-short incoming messages, log a warning, release parsing resources, and avoid out-of-bounds processing.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6be2d48b-6fda-4926-a2f2-ff35d8f91856

📥 Commits

Reviewing files that changed from the base of the PR and between dea17b4 and d12ecb3.

📒 Files selected for processing (1)

• plugins/in_forward/fw_prot.c

🚧 Files skipped from review as they are similar to previous changes (1)

• plugins/in_forward/fw_prot.c

---

📝 Walkthrough

Walkthrough

The forward protocol parser now checks that a message-mode array has at least three elements before treating element 2 as the payload; on failure it logs a warning, frees msgpack/unpacker and out_tag, and returns -1.

Changes

Forward protocol message validation

Layer / File(s)	Summary
Array bounds check in message-mode parsing plugins/in_forward/fw_prot.c	Message-mode parsing validates root.via.array.size >= 3 before treating element 2 as the payload. Invalid messages log a warning, destroy msgpack result/unpacker and output tag resources, and return -1.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• fluent/fluent-bit#11530: Also tightens plugins/in_forward/fw_prot.c handling with defensive bounds/validation for Forward payloads.
• fluent/fluent-bit#11442: Related defensive checks and parser-state handling changes in fw_prot_process().

Suggested labels

backport to v4.2.x, backport to v4.1.x, backport to v4.0.x

Suggested reviewers

• edsiper
• cosmo0920

Poem

🐰 A three-piece tune, no item astray,

I check the array before it can stray.
If elements fail and the message is thin,
I free what I held and stop it from in.
Hoppity safe, the parser stays sound.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: adding array size validation before accessing message mode fields in the forward protocol parser.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cosmo0920]

Hi, thanks for your contributions. But we need to add Signed-off lines to display who had committed in each of commit.
Could you follow the instruction that is described here?
https://github.com/fluent/fluent-bit/pull/11851/checks?check_run_id=77943752888

[edsiper]

@TristanInSec would you please sign off the commits ? (DCO error / git commit -s ...)