midir icon indicating copy to clipboard operation
midir copied to clipboard
verified publisher icon Boddlnagg

crash with large sysex on MacOS

Open mzero opened this issue 11 months ago • 3 comments

While not documented in the coremidi crate, PacketBuffer has an intrinsic size limit based on a poorly documented and handled size limit in Apple's CoreMIDI MIDIPacketList and MIDIPacket structures. The size limit is a bit less than 65536. (Exact value isn't documented!)

MidiOutputConnection's send() takes whatever data is passed in and passes it directly to PacketBuffer. If the data is big (think 80k sysex messages) - then PacketBuffer creates a corrupted buffer, which when sent causes a hard crash.

If the semantics of send() are that it will send what ever it is handed... then it needs to break larger messages up into chunks, and send the one after another.

If the semantics of send() are that it wants to inherit the limits of PacketBuffer, then it should document, and perhaps enforce that constraint.

How did I find this? I'm sending 80k sysexs (to control a synth) from a WebMIDI app.... and in Firefox on Mac it crashes the browser completely and instantly! I don't know who to blame for the crash... but the 80k byte array gets passed:

JavaScript -> Firefox/Gekko's C++ code -> Firefox/Gekkot's Rust crate midir_impl -> Boodlnagg's Rust midir package -> coremidi

mzero avatar Feb 04 '25 22:02 mzero

bug filed with FireFox: https://bugzilla.mozilla.org/show_bug.cgi?id=1945967

Also, note, midir's handling of large SysEx on Linux works just fine.

mzero avatar Feb 04 '25 23:02 mzero

Thanks for reporting the bug! The underlying reason is that the coremidi crate is unsound. The macOS implementation in midir uses the safe API from coremidi, which is not supposed to crash (it may panic, though ... not sure if that would also crash the Firefox browser). But this should be fixed in coremidi to return a Result::Err in such a case, which would then be forwarded by midir.

You're probably right that the solution of splitting such a large sysex into multiple messages could and should be done in midir, to make the sending of such large messages consistently work on all platforms. Seems like inspiration could be taken from Chromium. A PR is welcome :-)

Boddlnagg avatar Feb 05 '25 18:02 Boddlnagg

Partial solution: https://github.com/chris-zen/coremidi/pull/58 (I don't know how the panic! would be handled in Firefox, though)

A better solution of course would be to split the SysEx into chunks (if that is possible with the coremidi API), but I don't really have the bandwidth to work on this at the moment.

Boddlnagg avatar Nov 03 '25 17:11 Boddlnagg