encoding/cbor: add decoder flags and protect from malicious untrusted input

1 files changed, 14 insertions, 3 deletions

diff --git a/tests/core/encoding/cbor/test_core_cbor.odin b/tests/core/encoding/cbor/test_core_cbor.odin
index 06b96c915..23bfbd3d8 100644
--- a/tests/core/encoding/cbor/test_core_cbor.odin
+++ b/tests/core/encoding/cbor/test_core_cbor.odin
@@ -4,6 +4,7 @@ import "core:bytes"
 import "core:encoding/cbor"
 import "core:fmt"
 import "core:intrinsics"
+import "core:io"
 import "core:math/big"
 import "core:mem"
 import "core:os"
@@ -61,7 +62,9 @@ main :: proc() {
 	test_marshalling_maybe(&t)
 	test_marshalling_nil_maybe(&t)
 
-	test_cbor_marshalling_union(&t)
+	test_marshalling_union(&t)
+
+	test_lying_length_array(&t)
 
 	test_decode_unsigned(&t)
 	test_encode_unsigned(&t)
@@ -202,7 +205,7 @@ test_marshalling :: proc(t: ^testing.T) {
 		ev(t, err, nil)
 		defer delete(data)
 
-		decoded, derr := cbor.decode_string(string(data))
+		decoded, derr := cbor.decode(string(data))
 		ev(t, derr, nil)
 		defer cbor.destroy(decoded)
 
@@ -398,7 +401,7 @@ test_marshalling_nil_maybe :: proc(t: ^testing.T) {
 }
 
 @(test)
-test_cbor_marshalling_union :: proc(t: ^testing.T) {
+test_marshalling_union :: proc(t: ^testing.T) {
 	My_Distinct :: distinct string
 
 	My_Enum :: enum {
@@ -458,6 +461,14 @@ test_cbor_marshalling_union :: proc(t: ^testing.T) {
 }
 
 @(test)
+test_lying_length_array :: proc(t: ^testing.T) {
+	// Input says this is an array of length max(u64), this should not allocate that amount.
+	input := []byte{0x9B, 0x00, 0x00, 0x42, 0xFA, 0x42, 0xFA, 0x42, 0xFA, 0x42}
+	_, err := cbor.decode(string(input))
+	expect_value(t, err, io.Error.Unexpected_EOF) // .Out_Of_Memory would be bad.
+}
+
+@(test)
 test_decode_unsigned :: proc(t: ^testing.T) {
 	expect_decoding(t, "\x00", "0", u8)
 	expect_decoding(t, "\x01", "1", u8)