mirror of
https://github.com/protobuf-c/protobuf-c.git
synced 2024-12-26 21:04:23 +08:00
d58d7ca271
The scan_length_prefixed_data() function returns the number of bytes taken up by a varint length delimiter, plus the actual value of that delimiter. Since it returns a uint32_t, a delimiter of 2^32 - 1 (or close to that) could cause the return value to overflow and result in an incorrect value. At first I tried to fix it by making scan_length_prefixed_data() use a size_t for its result, but I realized this would have no effect on 32-bit systems. To fix the problem for 32-bit, I changed the function to return early if the length is 2 GiB or more (protobuf messages are not allowed to be that large). I kept the size_t change anyway, since the result will ultimately be stored in a size_t (ScannedMember.len) and we might as well stay consistent with that. Signed-off-by: Adam Cozzette <acozzette@google.com>
There are two tests. "test-generated-code" is a simple test that can easily be adapted. "test-generated-code2" is a comprehensive test. -- If you have a quick problem, hack at "test-generated-code"; but i don't want that file to be too hard to navigate, so you must eventually add a test to "test-generated-code2". I appreciate additional test cases! Please submit them as issues in the tracking system, or email me. -- Here are the files involved in each test: test.proto Protobuf declarations for the simple test. test.pb-c.c Protobuf-C generated code based on test.proto test.pb-c.h Protobuf-C generated code based on test.proto test-full.proto Protobuf declarations for the exhaustive test. test-full.pb-c.c Protobuf-C generated code based on test-full.proto test-full.pb-c.h Protobuf-C generated code based on test-full.proto test-full.pb.cc Protobuf (C++) generated code based on test-full.proto test-full.pb.h Protobuf (C++) generated code based on test-full.proto generated-code/ test-generated-code.c Actual test code. test-generated-code Test executable. generated-code2/ cxx-generate-packed-data.cc C++ code to generated data to compare with C. cxx-generate-packed-data Program whichs generates data (using C++ api) test-full-cxx-output.inc Output of cxx-generate-packed-data. test-generated-code2.c Actual test code. test-generated-code2 Test executable.