Skip to content

core: route view_image through a sandbox-backed fs helper#15186

Closed
bolinfest wants to merge 1 commit intomainfrom
pr15186
Closed

core: route view_image through a sandbox-backed fs helper#15186
bolinfest wants to merge 1 commit intomainfrom
pr15186

Conversation

@bolinfest
Copy link
Copy Markdown
Collaborator

@bolinfest bolinfest commented Mar 19, 2026
edited
Loading

@bolinfest bolinfest mentioned this pull request Mar 19, 2026
Closed
@bolinfest
Copy link
Copy Markdown
Collaborator Author

bolinfest commented Mar 19, 2026

Superseded by #14989 after splitting the stack; closing the duplicate PR created during resubmission.

@bolinfest bolinfest closed this Mar 19, 2026
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 40ba3162cc

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread codex-rs/core/src/sandboxed_fs.rs
Comment on lines +87 to +99
let output = execute_env_bytes(exec_request, /*stdout_stream*/ None)
.await
.map_err(|error| map_exec_error(path, error))?;
if output.exit_code != 0 {
return Err(parse_helper_failure(
path,
output.exit_code,
&output.stderr.text,
&output.stdout.text,
));
}

Ok(output)
Copy link
Copy Markdown
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Avoid capping helper stdout when reading image bytes

view_image now trusts the bytes returned by execute_env_bytes, but that path still goes through the generic exec collector in core/src/exec.rs (EXEC_OUTPUT_MAX_BYTES plus read_capped), which retains only the first 1 MiB of stdout. Any PNG/JPEG larger than that will be silently truncated here before local_image_content_items_with_label_number tries to decode it, so previously valid large images now fail or produce corrupted uploads.

Useful? React with 👍 / 👎.

Comment thread codex-rs/core/src/tools/handlers/view_image.rs
Comment on lines +107 to +114
let image_bytes = sandboxed_fs::read_file(&session, &turn, abs_path.as_path())
.await
.map_err(|error| {
FunctionCallError::RespondToModel(render_view_image_read_error(
abs_path.as_path(),
&error,
))
})?;
Copy link
Copy Markdown
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reject non-regular paths before handing them to the fs helper

The previous implementation checked metadata.is_file before reading; this version passes every readable path straight to the helper. In fs-ops/src/runner.rs, std::io::copy reads until EOF, so in full-access or unrestricted sessions a path like /dev/zero or a FIFO will block until the 30s helper timeout instead of immediately returning image path ... is not a file.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bolinfest