Fixed error handling in reader buffer ensure

Author: ludocode

src/mpack/mpack-expect.c

@@ -29,6 +29,8 @@
 // Helpers
 
 MPACK_STATIC_INLINE uint8_t mpack_expect_native_u8(mpack_reader_t* reader) {
+    if (mpack_reader_error(reader) != mpack_ok)
+        return 0;
     uint8_t type;
     if (!mpack_reader_ensure(reader, sizeof(type)))
         return 0;
@@ -40,6 +42,8 @@ MPACK_STATIC_INLINE uint8_t mpack_expect_native_u8(mpack_reader_t* reader) {
 
 #if !MPACK_OPTIMIZE_FOR_SIZE
 MPACK_STATIC_INLINE uint16_t mpack_expect_native_u16(mpack_reader_t* reader) {
+    if (mpack_reader_error(reader) != mpack_ok)
+        return 0;
     uint16_t type;
     if (!mpack_reader_ensure(reader, sizeof(type)))
         return 0;
@@ -50,6 +54,8 @@ MPACK_STATIC_INLINE uint16_t mpack_expect_native_u16(mpack_reader_t* reader) {
 }
 
 MPACK_STATIC_INLINE uint32_t mpack_expect_native_u32(mpack_reader_t* reader) {
+    if (mpack_reader_error(reader) != mpack_ok)
+        return 0;
     uint32_t type;
     if (!mpack_reader_ensure(reader, sizeof(type)))
         return 0;

src/mpack/mpack-reader.c

@@ -229,6 +229,7 @@ static void mpack_partial_fill(mpack_reader_t* reader) {
 
 bool mpack_reader_ensure_straddle(mpack_reader_t* reader, size_t count) {
     mpack_assert(count != 0, "cannot ensure zero bytes!");
+    mpack_assert(reader->error == mpack_ok, "reader cannot be in an error state!");
 
     if (count <= reader->left) {
         mpack_assert(0,
@@ -248,6 +249,9 @@ bool mpack_reader_ensure_straddle(mpack_reader_t* reader, size_t count) {
         return false;
     }
 
+    mpack_assert(count <= reader->size, "cannot ensure byte count %i larger than buffer size %i",
+            (int)count, (int)reader->size);
+
     // re-fill as much as possible
     mpack_partial_fill(reader);
 
@@ -591,6 +595,8 @@ const char* mpack_read_utf8_inplace(mpack_reader_t* reader, size_t count) {
 // Decodes a tag from a byte buffer. The size of the bytes buffer
 // must be at least MPACK_MINIMUM_TAG_SIZE.
 static size_t mpack_parse_tag(mpack_reader_t* reader, mpack_tag_t* tag) {
+    mpack_assert(reader->error == mpack_ok, "reader cannot be in an error state!");
+
     if (!mpack_reader_ensure(reader, 1))
         return 0;
     uint8_t type = mpack_load_u8(reader->buffer + reader->pos);
@@ -965,6 +971,8 @@ mpack_tag_t mpack_read_tag(mpack_reader_t* reader) {
     mpack_log("reading tag\n");
 
     // make sure we can read a tag
+    if (mpack_reader_error(reader) != mpack_ok)
+        return mpack_tag_nil();
     if (mpack_reader_track_element(reader) != mpack_ok)
         return mpack_tag_nil();
 
@@ -1008,6 +1016,9 @@ mpack_tag_t mpack_read_tag(mpack_reader_t* reader) {
 mpack_tag_t mpack_peek_tag(mpack_reader_t* reader) {
     mpack_log("peeking tag\n");
 
+    // make sure we can peek a tag
+    if (mpack_reader_error(reader) != mpack_ok)
+        return mpack_tag_nil();
     if (mpack_reader_track_peek_element(reader) != mpack_ok)
         return mpack_tag_nil();
 

src/mpack/mpack-reader.h

@@ -681,16 +681,15 @@ bool mpack_reader_ensure_straddle(mpack_reader_t* reader, size_t count);
 // Ensures there are at least count bytes left in the buffer. This will
 // flag an error if there is not enough data, and will assert if there
 // is a fill function and count is larger than the buffer size. Returns
-// true if there are enough bytes, false otherwise.
+// true if there are enough bytes, false otherwise. Error handling must
+// be done separately! The reader cannot be in an error state when this
+// is called.
 MPACK_INLINE bool mpack_reader_ensure(mpack_reader_t* reader, size_t count) {
     mpack_assert(count != 0, "cannot ensure zero bytes!");
+    mpack_assert(reader->error == mpack_ok, "reader cannot be in an error state!");
 
-    if (count <= reader->left) {
-        mpack_assert(reader->error == mpack_ok, "error state %i but there are %i bytes left?",
-                (int)reader->error, (int)reader->left);
+    if (count <= reader->left)
         return true;
-    }
-
     return mpack_reader_ensure_straddle(reader, count);
 }