Electron Releases

Description

Fixes two parsing issues in the app.requestSingleInstanceLock / second-instance data path:

POSIX (process_singleton_posix.cc): The socket message parser did not check the return value of base::StringToSizeT when reading the argv count and additional-data length fields, and did not validate those counts against the actual number of tokens received. A malformed message from a second instance could produce incorrect slicing.

Windows (chrome_process_finder.cc / process_singleton_win.cc): additionalData bytes were reinterpret_cast directly into the null-delimited wchar_t buffer used for WM_COPYDATA. V8's serialization format regularly contains 0x00 bytes (varint-encoded zero lengths, etc.), and any aligned 0x0000 pair terminated the field early on the receive side. The result: complex additionalData objects could arrive truncated and fail to deserialize, while simple ones happened to work. Now base64-encoded before embedding.

Checklist

• PR description included
• npm test passes (app.requestSingleInstanceLock suite — 11/11)
• Follows the PR guidelines

Release Notes

Notes: Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event.