Conversation
CBOR indefinite-length strings must only contain zero or more definite length strings (aka chunks), and a "break" stop code terminates the indefinite-length string. Previously, the encoder did not reject attempts to encode a nil value (instead of a chunk) to CBOR indefinite-length strings. This commit makes the encoder return an error when attempting to encode a nil to a CBOR indefinite-length string. Also added tests to check for this scenario.
Owner
Author
|
@x448 PTAL 🙏 I found this bug while refactoring. |
x448
approved these changes
Mar 22, 2026
| t.Errorf("Encode() returned error %q, want %q", err.Error(), "cbor: cannot encode item type slice for indefinite-length text string") | ||
| } | ||
| if err := encoder.Encode(123); err == nil { | ||
| t.Errorf("Encode() didn't return an error") |
Contributor
There was a problem hiding this comment.
This error message is confusing to me. It's easier to understand if it says something like "expected error foo but got nil error".
Owner
Author
There was a problem hiding this comment.
Good point! I found more of these, so I will open separate PR to clean them up.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Generally, using indefinite-length has security considerations, etc. unrelated to this library.
This PR adds a defensive check to prevent programs from incorrectly using this library to create CBOR indefinite-length strings having a CBOR nil value as a chunk.
Details
CBOR indefinite-length strings must only contain zero or more definite length strings (aka chunks), and a "break" stop code indicates the end of indefinite-length string.
Previously, the encoder did not reject attempts to encode a nil value (instead of a chunk) to CBOR indefinite-length strings.
This PR makes the codec return an error when attempting to encode a CBOR nil as a chunk in a CBOR indefinite-length string.
Also added tests to check that the encoder rejects this from now on.