fix: bounds-check the IPC result before accessing. (#24041)

* fix: bounds-check the IPC result before accessing.

* fix: address feedback about safety checking JS too

* fix: address feedback: check JS array length, too.

lib/renderer/api/ipc-renderer.js

@@ -13,7 +13,11 @@ if (!ipcRenderer.send) {
   };
 
   ipcRenderer.sendSync = function (channel, ...args) {
-    return ipc.sendSync(internal, channel, args)[0];
+    const result = ipc.sendSync(internal, channel, args);
+    if (!Array.isArray(result) || result.length !== 1) {
+      throw new Error(`Unexpected return value from ipcRenderer.sendSync: ${result}`);
+    }
+    return result[0];
   };
 
   ipcRenderer.sendToHost = function (channel, ...args) {

shell/renderer/api/atom_api_renderer_ipc.cc

@@ -102,6 +102,10 @@ class IPCRenderer : public mate::Wrappable<IPCRenderer> {
 
     electron_browser_ptr_->MessageSync(internal, channel, std::move(arguments),
                                        &result);
+
+    if (!result.is_list() || result.GetList().empty())
+      return base::Value{};
+
     return std::move(result.GetList().at(0));
   }