Skip to content

fix: use correct read uvarint function when decoding Handshake covenants #440

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 24, 2025
Merged

fix: use correct read uvarint function when decoding Handshake covenants #440

merged 1 commit into from
Nov 24, 2025

Conversation

@agaffney
Copy link
Contributor

@agaffney agaffney commented Nov 24, 2025
edited by coderabbitai bot
Loading

Summary by cubic

Fixed Handshake covenant decoding by using ReadUvarintReader for varints instead of binary.ReadUvarint with a ByteReader cast. Prevents panics on non-ByteReader inputs and correctly parses item counts and lengths.

Written for commit 53830a8. Summary will update automatically on new commits.

Summary by CodeRabbit

  • Refactor
    • Internal improvements to code reliability and maintainability. No user-facing changes.

✏️ Tip: You can customize this high-level summary in your review settings.

@agaffney
fix: use correct read uvarint function when decoding Handshake covenants
53830a8 
Signed-off-by: Aurora Gaffney <aurora@blinklabs.io>
@agaffney agaffney requested a review from a team as a code owner November 24, 2025 21:00
@coderabbitai
Copy link

coderabbitai bot commented Nov 24, 2025
edited
Loading

📝 Walkthrough

Walkthrough

The Decode method in internal/handshake/covenant.go is refactored to replace direct calls to binary.ReadUvarint() with a new ReadUvarintReader() helper function. Two instances of reading varint values (itemCount and itemLength) are updated to use the new helper instead of performing type assertion to io.ByteReader. The control flow for looping through items and reading bytes remains unchanged, and error handling is preserved.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~7 minutes

  • Verify that ReadUvarintReader() provides functionally equivalent behavior to the type-asserted binary.ReadUvarint() approach
  • Confirm error propagation from the helper function matches the original implementation
  • Check that the change doesn't affect the reading sequence or item parsing logic

Possibly related PRs

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: replacing an incorrect io.ByteReader type assertion with a proper helper function (ReadUvarintReader) in the Decode method.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/handshake-read-uvarint

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Nov 24, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
internal/handshake/covenant.go (1)

46-56: Consider bounds-checking itemCount and itemLength to avoid huge allocations

Because ReadUvarintReader can return arbitrarily large uint64 values from untrusted input, for range itemCount and make([]byte, itemLength) could be abused to force very large loops/allocations. If this code runs on untrusted network data, consider enforcing protocol-level limits on itemCount and itemLength (e.g., max items per covenant, max item size) and returning an error when exceeded.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1f97e95 and 53830a8.

📒 Files selected for processing (1)
  • internal/handshake/covenant.go (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
internal/handshake/covenant.go (1)
internal/handshake/varint.go (1)
  • ReadUvarintReader (29-70)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: cubic · AI code reviewer
  • GitHub Check: Analyze (go)
🔇 Additional comments (1)
internal/handshake/covenant.go (1)

42-52: Correct helper used for Handshake varint decoding

Switching both itemCount and itemLength to ReadUvarintReader(r) aligns covenant decoding with the custom Handshake varint format implemented in internal/handshake/varint.go and avoids relying on the reader implementing io.Reader+io.ByteReader. Error propagation and control flow remain unchanged, so this looks like a safe and targeted correctness fix.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 24, 2025
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

@agaffney agaffney merged commit c818c4f into main Nov 24, 2025
12 checks passed
@agaffney agaffney deleted the fix/handshake-read-uvarint branch November 24, 2025 21:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@wolf31o2 wolf31o2 wolf31o2 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@agaffney @wolf31o2