From 022831b8c389e8150d49c22bec6284484065bdb2 Mon Sep 17 00:00:00 2001
From: David Leeds <david.leeds@chargepoint.com>
Date: Thu, 17 Jun 2021 15:07:26 -0700
Subject: [PATCH] Avoid propagating msg unpack exceptions to event loop

This change addresses conditions where an exception is thrown by the library upon receipt of a malformed message from an external
source, and propagated up to the event loop with no chance of
interception by the application. This issue is only experienced by
proxy convenience APIs, as low-level APIs allow the application to
unpack the message.

Strategy:
1. For malformed signals received by proxies: ignore the signal.
2. For malformed async method responses, translate the unpack
  exception into an sdbus::Error, and pass it to the caller as expected.
---
 include/sdbus-c++/ConvenienceApiClasses.inl | 27 +++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/include/sdbus-c++/ConvenienceApiClasses.inl b/include/sdbus-c++/ConvenienceApiClasses.inl
index 13c29ab..1d1f871 100644
--- a/include/sdbus-c++/ConvenienceApiClasses.inl
+++ b/include/sdbus-c++/ConvenienceApiClasses.inl
@@ -588,7 +588,20 @@ namespace sdbus {
 
             // Deserialize input arguments from the message into the tuple (if no error occurred).
             if (error == nullptr)
-                reply >> args;
+            {
+                try
+                {
+                    reply >> args;
+                }
+                catch (const sdbus::Error& e)
+                {
+                    // Catch message unpack exceptions and pass them to the callback
+                    // in the expected manner to avoid propagating them up the call
+                    // stack to the event loop.
+                    sdbus::apply(callback, &e, args);
+                    return;
+                }
+            }
 
             // Invoke callback with input arguments from the tuple.
             sdbus::apply(callback, error, args);
@@ -628,7 +641,17 @@ namespace sdbus {
             tuple_of_function_input_arg_types_t<_Function> signalArgs;
 
             // Deserialize input arguments from the signal message into the tuple
-            signal >> signalArgs;
+            try
+            {
+                signal >> signalArgs;
+            }
+            catch (const sdbus::Error& e)
+            {
+                // The convenience API callback cannot handle an incoming signal with
+                // an unexpected payload, so catch and ignore this exception to avoid
+                // propagating it up the call stack to the event loop.
+                return;
+            }
 
             // Invoke callback with input arguments from the tuple.
             sdbus::apply(callback, signalArgs);