- RejectIndefinite: error at the indefinite-length sigil byte
(0x5f, 0x7f, 0x9f, 0xbf) for codecs that disallow them
(e.g. DAG-CBOR).
- MaxIndefiniteSize: cap on cumulative size of indefinite-length
bytes/strings during chunk aggregation. Defaults to 32 MiB,
matching the existing per-chunk cap.
No behaviour change beyond removing dead code and tightening a deprecated API call.
The other suppressed checks (ST1000, ST1003, ST1016, ST1020, ST1021, ST1022) match staticcheck's own default exclusions for stylistic checks that aren't on by default; they are listed explicitly because using "all" as the base reactivates them.
Reader paths now read in 4 KiB chunks rather than allocating the full requested length up front. Numeric decode paths propagate the matching read errors before unpacking; indefinite bytes/strings stage each chunk through Readn for consistency with the definite path.
Go 1.18-style fuzz harnesses for the cbor and json decoders, with
allocation/token-count invariants enforced on every input. Seed
corpora live under testdata/fuzz_corpus and include:
- cbor: codec-fixtures (128 dag-cbor cases), RFC 7049 Appendix A
test vectors (82), one negative case from codec-fixtures
- json: codec-fixtures (128 dag-json cases), one negative case
Each package adds a small handcrafted seed set for edge cases.
Includes FuzzCborRoundtrip, which asserts decode/re-encode stability:
if a payload decodes without error, the first canonicalized output
and a subsequent decode+re-encode must produce identical bytes.
Also adds companion exhaustive 0/1/2-byte input tests in each
package.
Rejects CBOR heads whose integer argument is encoded in more bytes than necessary. Applies uniformly to uints, negative ints, length headers (bytes/strings/arrays/maps) and tag headers since all share decodeUint.
Errors at decodeFloat when the decoded value is NaN or +/-Inf respectively. Catches all float widths (f16/f32/f64) since the check is on the resulting float64 value, not the wire form.
Rejects 16-bit (0xf9) and 32-bit (0xfa) float encodings at the sigil byte, before the payload is read.
NewSliceReader left available-bytes at zero (always EOF). Readb tracked the full destination buffer on short reads. Add tests for SlickReader and TokenPump.
Each commit is doing work here.
Decoder changes:
- SlickReader, so length-prefixed reads grow with read progress rather than preallocating the declared length up front
- DecodeOptions.RejectIndefinite and MaxIndefiniteSize bound indefinite-length aggregation
Strict-mode decode flags (opt-in, off by default):
- RejectNonMinimalInteger: rejects non-minimal integer headers
- RejectNaN, RejectInfinity: rejects non-finite floats
- RejectNarrowFloat: rejects 16- and 32-bit float encodings
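The head-level checks named above (RejectIndefinite, RejectNonMinimalInteger, RejectNarrowFloat), shown as an added Go example that is not code from this pull request or the project. `Strict` and `CheckHead` are hypothetical names, and the function examines only the head of a single CBOR item.

```go
package main

import (
	"errors"
	"fmt"
)

// Strict is a hypothetical stand-in for the PR's flags, not the project's DecodeOptions.
type Strict struct{ RejectIndefinite, RejectNonMinimalInteger, RejectNarrowFloat bool }
var ErrIndefinite = errors.New("indefinite-length item rejected")
var ErrNonMinimal = errors.New("non-minimal integer argument")
var ErrNarrowFloat = errors.New("16/32-bit float rejected")
var ErrMalformed = errors.New("truncated or reserved head")

// CheckHead parses one CBOR head and returns its argument and byte length.
func CheckHead(b []byte, s Strict) (arg uint64, n int, err error) {
	if len(b) == 0 {
		return 0, 0, ErrMalformed
	}
	major, info := b[0]>>5, b[0]&0x1f
	switch {
	case s.RejectIndefinite && info == 31 && major >= 2 && major <= 5:
		return 0, 0, ErrIndefinite // sigils 0x5f, 0x7f, 0x9f, 0xbf
	case s.RejectNarrowFloat && (b[0] == 0xf9 || b[0] == 0xfa):
		return 0, 0, ErrNarrowFloat // refused at the sigil, payload never read
	case info < 24:
		return uint64(info), 1, nil // argument lives in the initial byte
	case info == 31 && major >= 2 && major != 6:
		return 0, 1, nil // indefinite-length start, or break (0xff)
	case info > 27:
		return 0, 0, ErrMalformed // 28-30 reserved; 31 invalid for ints and tags
	}
	width := 1 << (info - 24) // 1, 2, 4 or 8 argument bytes
	if len(b) < 1+width {
		return 0, 0, ErrMalformed
	}
	for _, c := range b[1 : 1+width] {
		arg = arg<<8 | uint64(c) // big-endian argument
	}
	// Minimal form: the value must not fit the next-shorter encoding (major 7 exempt).
	floor := [4]uint64{24, 1 << 8, 1 << 16, 1 << 32}[info-24]
	if s.RejectNonMinimalInteger && major != 7 && arg < floor {
		return 0, 0, ErrNonMinimal
	}
	return arg, 1 + width, nil
}

// Constructed input: the value 23 padded into a one-byte argument.
func main() { fmt.Println(CheckHead([]byte{0x18, 0x17}, Strict{RejectNonMinimalInteger: true})) }
```

Because integers, length headers and tags all pass through the same argument decode, the single minimal-form comparison covers every major type from 0 to 6.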