Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check well-formedness of data from MarshalCBOR #485

Merged
merged 3 commits into from
Feb 25, 2024
Merged

Check well-formedness of data from MarshalCBOR #485

merged 3 commits into from
Feb 25, 2024

Conversation

fxamacker
Copy link
Owner

Closes #482

MarshalerError is returned if CBOR data item returned from MarshalCBOR() fails either:

  • well-formedness check, or
  • tag validation for builtin tags 0-3

Many thanks to @benluddy for reporting this bug! 👍

@fxamacker
Check well-formedness of data from MarshalCBOR
accf57c 
MarshalerError is returned if CBOR data item returned from
MarshalCBOR() fails either:
- well-formedness check, or
- tag validation for builtin tags 0-3
@fxamacker fxamacker mentioned this pull request Feb 5, 2024
Closed
benluddy
benluddy reviewed Feb 5, 2024
View reviewed changes
Copy link
Contributor

@benluddy benluddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank for for fixing this!

On a related subject, I'm curious if you have already had discussions about alternative ways for applications to customize marshaling behavior. I'm sure you're already aware of the limitations of the TextMarshaler/BinaryMarshaler-style interface design:

  1. additional heap allocations to support the []byte return value
  2. additional copy from the []byte return value to the encoder output
  3. inability to customize marshaling behavior for types that are external to an application (i.e. library types and built-in types)
  4. the encode options used by the caller aren't visible to the Marshaler on each invocation
  5. the Marshaler's output needs to be validated

Is that something you'd be interested in exploring (in a separate issue) in the future?

encode.go Outdated Show resolved Hide resolved
@fxamacker
Copy link
Owner Author

@benluddy

Is that something you'd be interested in exploring (in a separate issue) in the future?

Yes, definitely! 👍

The current API is meant to be easy for users familiar with encoding and encoding/json packages so it inherits some limitations from their interfaces.

A more efficient and extensible API would definitely be useful as an alternative to Marshaler. We'd be able to use EncMode, etc. and address various limitations you mentioned.

@fxamacker fxamacker added this to the v2.7.0 milestone Feb 12, 2024
@fxamacker
Refactor to use consts for max nested level settings
17164a1
@fxamacker
Use custom DecModes to check Marshaler data
a3a1d71 
This commit checks Marshaler data for well-formedness
(and very limited partial validation) by reusing one
of four DecModes created during startup.  These modes
are safe for parallel use by different Marshalers.
x448
x448 reviewed Feb 21, 2024
View reviewed changes
encode.go Show resolved Hide resolved
@fxamacker fxamacker merged commit cfbd0ff into master Feb 25, 2024
17 checks passed
@fxamacker fxamacker mentioned this pull request Mar 17, 2024
Open
@fxamacker fxamacker deleted the fxamacker/check-marshaler-data-wellformedness branch September 7, 2024 20:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@x448 x448 x448 approved these changes

@benluddy benluddy Awaiting requested review from benluddy

Assignees
No one assigned
Labels
bugfix
Projects
None yet
Milestone
v2.7.0
Development

Successfully merging this pull request may close these issues.

bug: Marshal can produce malformed CBOR when marshaling a cbor.Marshaler that produces malformed CBOR
3 participants
@fxamacker @benluddy @x448