Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forbid negative uvarint values #226

Merged
merged 4 commits into from
Mar 3, 2022
Merged

Forbid negative uvarint values #226

merged 4 commits into from
Mar 3, 2022

Conversation

jtraglia
Copy link
Contributor

When reading over code, I noticed that it was possible to provide a 10-byte
uvarint (variable length integer) instead of the 9-byte maximum. The functions
did not properly catch it.

Also, fix what I believe is a typo in the ByteArray version. It checked the
wrong variable (result vs index) which would almost always result in a null
value. Might as well throw an exception there like the other implementation.

Fixes #225.

@jtraglia
Fix overflows in readUvarint
f0e982e 
When reading over code, I noticed that it was possible to provide a 10-byte
uvarint (variable length integer) instead of the 9-byte maximum. The functions
did not properly catch it.

Also, fix what I believe is a typo in the ByteArray version. It checked the
wrong variable (result vs index) which would almost always result in a null
value. Might as well throw an exception there like the other implementation.

Fixes #225.
@jtraglia
Throw exception for negative value in writeUvarint
6361fd3
@jtraglia jtraglia changed the title Fix overflows in readUvarint Forbid negative uvarint values Mar 1, 2022
@ajsutton
Copy link
Contributor

ajsutton commented Mar 1, 2022

Sorry for the delay on this one - I haven't forgotten it, just not an area I'm particularly familiar with so harder to review.

@jtraglia
Copy link
Contributor Author

jtraglia commented Mar 1, 2022

No worries, I totally understand. There's no rush.

ajsutton
ajsutton approved these changes Mar 3, 2022
View reviewed changes
Copy link
Contributor

@ajsutton ajsutton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, dug into the specs and this looks right to me - sorry it took so long. I've just added an additional test to confirm that we can successfully encode and decode Long.MAX_VALUE to ensure that the maximum length of 9 bytes is decoded.

@ajsutton ajsutton merged commit 5c3943d into libp2p:develop Mar 3, 2022
@jtraglia
Copy link
Contributor Author

jtraglia commented Mar 3, 2022

@ajsutton Just so you know, testRoundTripMaximumValue appears to be a duplicate of testEncodeDecodeMaxLong:

jvm-libp2p/src/test/kotlin/io/libp2p/etc/types/UvarintTest.kt

Lines 28 to 33 in 5c3943d

@Test
fun testEncodeDecodeMaxLong() {
val buf = Unpooled.buffer()
buf.writeUvarint(Long.MAX_VALUE)
assertEquals(Long.MAX_VALUE, buf.readUvarint())
}

jvm-libp2p/src/test/kotlin/io/libp2p/etc/types/UvarintTest.kt

Lines 61 to 66 in 5c3943d

@Test
fun testRoundTripMaximumValue() {
val buf = Unpooled.buffer()
buf.writeUvarint(Long.MAX_VALUE)
assertEquals(Long.MAX_VALUE, buf.readUvarint())
}

@ajsutton
Copy link
Contributor

ajsutton commented Mar 3, 2022

Oh darn I didn't spot that. I'll have to clean that up. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajsutton ajsutton ajsutton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unsigned varints allow negative values
2 participants
@jtraglia @ajsutton