Fix window state load hardening

2026-04-17 17:57:17 +01:00 · 2026-04-17 17:57:17 +01:00 · d58ce941e6
commit d58ce941e6
parent 50e96c0883
2 changed files with 20 additions and 3 deletions
--- a/pkg/window/state.go
+++ b/pkg/window/state.go
@ -2,6 +2,7 @@
 package window

 import (
+	"io/fs"
 	"sync"
 	"time"

@ -89,6 +90,9 @@ func (sm *StateManager) load() {
 	}
 	content, err := coreio.Local.Read(sm.filePath())
 	if err != nil {
+		if core.Is(err, fs.ErrNotExist) {
+			return
+		}
 		core.Error(
 			"window state load failed",
 			"path", sm.filePath(),
@ -96,9 +100,8 @@ func (sm *StateManager) load() {
 		)
 		return
 	}
-	sm.mu.Lock()
-	defer sm.mu.Unlock()
-	result := core.JSONUnmarshalString(content, &sm.states)
+	loaded := make(map[string]WindowState)
+	result := core.JSONUnmarshalString(content, &loaded)
 	if !result.OK {
 		if decodeErr, ok := result.Value.(error); ok {
 			core.Error(
@ -107,7 +110,11 @@ func (sm *StateManager) load() {
 				"err", core.E("window.StateManager.load", "failed to decode window state", decodeErr),
 			)
 		}
+		return
 	}
+	sm.mu.Lock()
+	sm.states = loaded
+	sm.mu.Unlock()
 }

 func (sm *StateManager) save() error {
--- a/pkg/window/state_test.go
+++ b/pkg/window/state_test.go
@ -27,6 +27,16 @@ func TestStateManagerState_NewStateManagerWithDir_Bad(t *testing.T) {
 	assert.Empty(t, sm.dataDir())
 }

+func TestStateManagerState_NewStateManagerWithDir_InvalidFile_Good(t *testing.T) {
+	dir := t.TempDir()
+	require.NoError(t, os.WriteFile(filepath.Join(dir, "window_state.json"), []byte("{invalid"), 0o644))
+
+	sm := NewStateManagerWithDir(dir)
+
+	require.NotNil(t, sm)
+	assert.Empty(t, sm.ListStates())
+}
+
 func TestStateManagerState_SetPath_Good(t *testing.T) {
 	dir := t.TempDir()
 	sm := NewStateManagerWithDir(dir)