Skip to content

[Bug]: buggy client or attacker sends NaN as a coordinate ,Results in Carsh of application in evaluations #90

@aniket866

Description

@aniket866

Bug Description

Stability: Missing Invalid Number Checks (NaN)
Issue: The dx/dy values are not checked for NaN (Not a Number) before math operations. Note: Math.min(NaN, 100) returns NaN.

Fix: Add strict checks: if (!Number.isFinite(msg.dx)) return;.

Why?: If a buggy client or attacker sends NaN as a coordinate, calculations involving currentPos.x + NaN result in NaN. Passing NaN coordinates to the OS automation library (nut.js) typically causes the Node.js process to crash with an unhandled exception.

Steps to Reproduce

N/A

Expected Behavior

N/A

Desktop Operating System

Windows 10

Mobile Device (Client)

any device

Rein Version

1

Console Logs / Error Messages

N/A

Screenshots / Recordings

N/A

Checklist

  • I have searched for existing issues to avoid duplicates

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions