Better error for _EnterBstrWrapped on allocated (indef) strings (#221)
Better error for QCBORDecode_EnterBstrWrapped on allocated strings. Since indefinite-length strings are always allocated, this gives a better error for attempts to use this on indefinite-length strings.
The TODO: to make this work is closed out as it was decided not to support QCBORDecode_EnterBstrWrapped() on indefinite-length strings. To do so would require increasing the size of QCBORItem.
* Add limitations comment
---------
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
diff --git a/inc/qcbor/qcbor_common.h b/inc/qcbor/qcbor_common.h
index 288c691..752d149 100644
--- a/inc/qcbor/qcbor_common.h
+++ b/inc/qcbor/qcbor_common.h
@@ -523,6 +523,11 @@
* (to save object code). */
QCBOR_ERR_RECOVERABLE_BAD_TAG_CONTENT = 78,
+ /** QCBORDecode_EnterBstrWrapped() cannot be used on
+ * indefinite-length strings because they exist in memory pool for
+ * a @ref QCBORStringAllocate. */
+ QCBOR_ERR_CANNOT_ENTER_ALLOCATED_STRING = 79,
+
/** A range of error codes that can be made use of by the
* caller. QCBOR internally does nothing with these except notice
* that they are not QCBOR_SUCCESS. See QCBORDecode_SetError(). */
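Review bot: the doc comment for QCBOR_ERR_CANNOT_ENTER_ALLOCATED_STRING is hard to parse at "because they exist in memory pool for a @ref QCBORStringAllocate". An article is missing, and it is unclear what "a QCBORStringAllocate" refers to. Suggest something like "because they are stored in memory obtained from the string allocator (see @ref QCBORStringAllocate)".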
diff --git a/inc/qcbor/qcbor_encode.h b/inc/qcbor/qcbor_encode.h
index 75b4d64..774f272 100644
--- a/inc/qcbor/qcbor_encode.h
+++ b/inc/qcbor/qcbor_encode.h
@@ -366,6 +366,7 @@
* - Tags on labels are ignored during decoding.
* - The maximum tag nesting is @c QCBOR_MAX_TAGS_PER_ITEM (typically 4).
* - Works only on 32- and 64-bit CPUs.
+ * - QCBORDecode_EnterBstrWrapped() doesn't work on indefinite-length strings.
*
* The public interface uses @c size_t for all lengths. Internally the
* implementation uses 32-bit lengths by design to use less memory and
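Review bot: the new limitation bullet says only that QCBORDecode_EnterBstrWrapped() "doesn't work" on indefinite-length strings, without saying how the failure shows up. Suggest naming the error this patch introduces, QCBOR_ERR_CANNOT_ENTER_ALLOCATED_STRING, so a reader of this list can recognize it when it is set.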
diff --git a/inc/qcbor/qcbor_spiffy_decode.h b/inc/qcbor/qcbor_spiffy_decode.h
index 32a8ef5..b374e9e 100644
--- a/inc/qcbor/qcbor_spiffy_decode.h
+++ b/inc/qcbor/qcbor_spiffy_decode.h
@@ -1780,8 +1780,8 @@
* CBOR. QCBORDecode_ExitBstrWrapped() must be called to resume
* processing CBOR outside the wrapped CBOR.
*
- * This does not (currently) work on indefinite-length strings. The
- * (confusing) error @ref QCBOR_ERR_INPUT_TOO_LARGE will be set.
+ * This does not work on indefinite-length strings. The
+ * error @ref QCBOR_ERR_CANNOT_ENTER_ALLOCATED_STRING will be set.
*
* If @c pBstr is not @c NULL the pointer and length of the wrapped
* CBOR will be returned. This is usually not needed, but sometimes
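Review bot: the updated text ties QCBOR_ERR_CANNOT_ENTER_ALLOCATED_STRING to indefinite-length strings only, but the check added in src/qcbor_decode.c is "if(Item.uDataAlloc)", which fires for any allocated string. The commit message says indefinite-length strings are always allocated, not that they are the only allocated strings. Suggest documenting the condition as "strings that were allocated, which includes all indefinite-length strings", so the description matches what the code tests.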
diff --git a/src/qcbor_decode.c b/src/qcbor_decode.c
index 799fff2..56f15f7 100644
--- a/src/qcbor_decode.c
+++ b/src/qcbor_decode.c
@@ -4131,6 +4131,11 @@
return;
}
+ if(Item.uDataAlloc) {
+ pMe->uLastError = QCBOR_ERR_CANNOT_ENTER_ALLOCATED_STRING;
+ return;
+ }
+
pMe->uLastError = (uint8_t)QCBORDecode_Private_EnterBstrWrapped(pMe,
&Item,
uTagRequirement,
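Review bot: the new "if(Item.uDataAlloc)" test runs before QCBORDecode_Private_EnterBstrWrapped() and, in the lines shown, does not look at the item type. If the type check happens inside that private function, an allocated item that is not a byte string would now report QCBOR_ERR_CANNOT_ENTER_ALLOCATED_STRING instead of a type error. Please confirm the ordering is intended, or move the test after the type check. A one-line comment saying why allocated strings cannot be entered would also help here.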
diff --git a/test/qcbor_decode_tests.c b/test/qcbor_decode_tests.c
index 7b3b0f3..7fedf91 100644
--- a/test/qcbor_decode_tests.c
+++ b/test/qcbor_decode_tests.c
@@ -8642,16 +8642,14 @@
QCBORDecode_EnterArray(&DCtx, NULL);
QCBORDecode_EnterBstrWrapped(&DCtx, 2, NULL);
- if(QCBORDecode_GetError(&DCtx) != QCBOR_ERR_INPUT_TOO_LARGE) {
- /* TODO: This is what happens when trying to enter
- * indefinite-length byte string wrapped CBOR. Tolerate for
- * now. Eventually it needs to be fixed so this works, but that
- * is not simple.
- */
+ if(QCBORDecode_GetError(&DCtx) != QCBOR_ERR_CANNOT_ENTER_ALLOCATED_STRING) {
return 7300;
}
/*
+ Improvement: Fix QCBORDecode_EnterBstrWrapped() so it can work on
+ allocated strings. This is a fairly big job because of all the
+ UsefulBuf internal book keeping that needs tweaking.
QCBORDecode_GetUInt64(&DCtx, &i);
if(i != 42) {
return 7110;
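Review bot: the "Improvement:" text added at the top of the commented-out block contradicts the commit message, which says the TODO is closed because it was decided not to support QCBORDecode_EnterBstrWrapped() on indefinite-length strings. The note is also placed inside the same comment as the disabled code, so prose and dead code run together. Suggest either deleting the disabled GetUInt64 checks along with the note, or rewording the note to say the feature is intentionally unsupported and keeping it in its own comment.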
@@ -8660,7 +8658,8 @@
QCBORDecode_GetUInt64(&DCtx, &i);
if(i != 42) {
return 7220;
- }*/
+ }
+ */
#endif /* QCBOR_DISABLE_INDEFINITE_LENGTH_STRINGS */