Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect encoding::decode_varint from overflow #527

Merged
merged 6 commits into from
Sep 20, 2021
Merged

Protect encoding::decode_varint from overflow #527

merged 6 commits into from
Sep 20, 2021

Conversation

ajguerrer
Copy link
Contributor

@ajguerrer ajguerrer commented Sep 5, 2021
edited
Loading

Fixes the infamous #528.

@ajguerrer ajguerrer mentioned this pull request Sep 5, 2021
Closed
ajguerrer
ajguerrer commented Sep 5, 2021
View reviewed changes
src/encoding.rs Outdated
@@ -167,7 +169,12 @@ where
let byte = buf.get_u8();
value |= u64::from(byte & 0x7F) << (count * 7);
if byte <= 0x7F {
return Ok(value);
// check for u64::MAX overflow
if count == 9 && byte >= 2 {
Copy link
Contributor Author

@ajguerrer ajguerrer Sep 5, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Decided to add this check here in case moving it outside the first if caused some performance impact. This is the slow loop though...

@ajguerrer ajguerrer changed the title Protect decode_varint from overflow Protect encoding::decode_varint from overflow Sep 5, 2021
@LucioFranco
Copy link
Member

Do you know if the C++ code protects against this? From what I can tell it does not.

@ajguerrer
Copy link
Contributor Author

Do you know if the C++ code protects against this? From what I can tell it does not.

@LucioFranco, your right! The C++ code will happily parse and overflow. I found this while studying the Go code.

I understand that fixing this bug has debatable usefulness. It will not hurt my feelings at all if you decide not to merge this. I just thought it was interesting.

@LucioFranco
Copy link
Member

I appreciate it! @ajguerrer do you mind updating the code with a reference to that go code, both the function doc and the line you changed? I think if we have that then I am fine to merge, I just wanted to check if there was precedence.

@LucioFranco
Copy link
Member

Oh and also rebase against master

@ajguerrer ajguerrer force-pushed the decode-varint-overflow branch from eef22be to 10c77b4 Compare September 17, 2021 18:02
@ajguerrer
Copy link
Contributor Author

@LucioFranco hows this look?

@LucioFranco
Copy link
Member

@ajguerrer there is one rustfmt error if you can fix that then we can merge

@ajguerrer
Copy link
Contributor Author

@LucioFranco Once more!

@ajguerrer ajguerrer force-pushed the decode-varint-overflow branch from 356ab54 to 0d6b3d7 Compare September 17, 2021 20:30
@LucioFranco LucioFranco merged commit 87cea1d into tokio-rs:master Sep 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LucioFranco LucioFranco LucioFranco approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ajguerrer @LucioFranco