Conversation
There was no check that there were sufficient remaining bytes so bad messages could cause a panic in the flexible/compact encoding case. Signed-off-by: beanz <[email protected]>
Signed-off-by: beanz <[email protected]>
|
|
||
| switch { | ||
| case n < -1: | ||
| return 0, errInvalidStringLength |
There was a problem hiding this comment.
🤔 Duplicated testing, though here we’re only testing -1, below we test for the stronger < 0.
There was a problem hiding this comment.
I don't recall any more but I probably wanted to keep it consistent with the non-flexible version. There are a few issues like this already that I'd like to tackle. For instance, when we get array lengths there are checks like:
if tmp > rd.remaining() {
rd.off = len(rd.raw)
return -1, ErrInsufficientData
} else if tmp > int(MaxResponseSize) {
return -1, errInvalidArrayLength
}
The second check is redundant since we know the total buffer size is less than MaxResponseSize as it was check after we read the length in the header the data arrived in so the remaining check covers it already.
The remaining check would be better made by the caller since we may need to check for, for example, 4*tmp (for int32 array) or 8*tmp (for int64 array). Checking 1*tmponly makes sense in the compact string case and even then it is potentially a significant underestimate.
There was a problem hiding this comment.
Hm… those checks ought to probably be inverted anyways. Returning an invalid array length has value above simply returning insufficient data. 🤔
And yeah, checking the remaining for an array… 🤔 maybe we could pass in a byte size, allowing us to properly check for insufficient data. But as you say… maybe better to just do the check downstream.
3 participants
Couple of issues spotted while debugging protocol message updates.