Description
Describe the bug
Hi team, the pubuid
and subuid
for NetworkTables publishers are constrained to fit within a signed 32-bit integer space (source). However, this constraint is not explicitly documented in the relevant sections of the networktables4.adoc. Exceeding this range can cause unexpected behavior, including crashes.
To Reproduce
Steps to reproduce the behavior:
- Produce a
pubuid
exceeding the signed 32-bit positive integer range. - Send a publish request to the server, such as:
[{"method":"publish","params":{"type":"string","name":"/MyTable/myvalue","pubuid":2147483647,"properties":{}}}]
Expected behavior
The pubuid
should be validated and rejected if it exceeds the supported range.
Desktop (please complete the following information):
- OS: macOS
- Project Information: Getting Started example simulator on Java 17, WPILib 2025.2.1
Additional context
This issue became evident when testing with values near and beyond the signed 32-bit limit:
-
A
pubuid
of2147483646
worked as expected. -
A
pubuid
of2147483647
caused a crash, however not all integers above the max cause the code to crash. -
the UID's are defined as
int
here: Message.h
Potential Security Concern
A malicious actor with websocket access could exploit this limitation to trigger denial-of-service scenarios by sending invalid publish requests, such as:
[{"method":"publish","params":{"type":"string","name":"/MyTable/myvalue","pubuid":2147483647,"properties":{}}}]
Suggested Solutions
- Change
pubuid
andsubuid
to unsigned integers with server-side validation. - Increase their size to unsigned 64-bit integers.
- Allow
pubuid
andsubuid
to support strings for greater flexibility.
Additionally, the documentation should be updated to clearly specify the current constraint, preventing similar issues for developers and mitigating security risks.