fix: Crash when reading corrupted envelope

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+
+## Unreleased
+
+### Fixes
+
+- Crash when reading corrupted envelope (#4297)
+
 ## 8.35.0
 
 ### Features

Sources/Sentry/SentrySerialization.m

@@ -208,6 +208,14 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data
  if (endOfEnvelope == i) {
  i++; // 0 byte attachment
  }
+
+ if (bodyLength > 0 && data.length < (i + 1 + bodyLength)) {
+ SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li "
+ @"bytes by skiping %li from a buffer of %li bytes.",
+ (unsigned long)data.length, (unsigned long)bodyLength, (long)(i + 1));
+ return nil;
+ }
+
  NSData *itemBody = [data subdataWithRange:NSMakeRange(i + 1, bodyLength)];
  SentryEnvelopeItem *envelopeItem = [[SentryEnvelopeItem alloc] initWithHeader:itemHeader
  data:itemBody];

Tests/SentryTests/Helper/SentrySerializationTests.swift

@@ -267,6 +267,17 @@ class SentrySerializationTests: XCTestCase {
  XCTAssertNil(actual)
  }
 
+ func testReturnNilForCorruptedEnvelope() throws {
+ let envelope = SentryEnvelope(event: Event(error: NSError(domain: "test", code: -1, userInfo: nil)))
+ let data = try XCTUnwrap(SentrySerialization.data(with: envelope))
+
+ let corruptedData = data[0..<data.count - 1]
+
+ let unserialized = SentrySerialization.envelope(with: corruptedData)
+
+ XCTAssertNil(unserialized)
+ }
+
  private func serializeEnvelope(envelope: SentryEnvelope) -> Data {
  var serializedEnvelope: Data = Data()
  do {