Description
The example code in docs/rust-binary-router-library-design.md for the LengthPrefixedCodec encoder has a potential overflow bug that could cause silent truncation for large payloads.
Problem
In the encode function, the line:
    dst.put_u32(data.len() as u32);
casts data.len() to u32 without validation. For payloads larger than 4 GiB (u32::MAX), this will wrap around and produce corrupt output with an incorrect length prefix.
Solution
Add validation before the cast:
    if data.len() > u32::MAX as usize {
        return Err(io::Error::new(
            io::ErrorKind::InvalidInput,
            "payload exceeds 4 GiB limit",
        ));
    }
    dst.put_u32(data.len() as u32);
Context
While this is example code in documentation rather than production code, it's important to demonstrate best practices to avoid misleading developers who might copy this pattern.
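The wrap-around and the proposed check, as an added example that is not part of the original issue or the project's document. `encode` here is a hypothetical std-only stand-in that writes to a `Vec<u8>`, the helper names are illustrative, and the oversize length is a constructed number, so no 4 GiB buffer is allocated.

```rust
use std::io;

/// Unchecked prefix, as in the line the issue quotes: `as u32` keeps only the low 32 bits.
fn truncating_prefix(len: usize) -> u32 {
    len as u32
}

/// Checked prefix, using the validation the issue proposes.
fn checked_prefix(len: usize) -> io::Result<u32> {
    if len > u32::MAX as usize {
        return Err(io::Error::new(
            io::ErrorKind::InvalidInput,
            "payload exceeds 4 GiB limit",
        ));
    }
    Ok(len as u32)
}

/// Hypothetical stand-in for the codec's encode: 4-byte length header, then the payload.
fn encode(data: &[u8], dst: &mut Vec<u8>) -> io::Result<()> {
    let prefix = checked_prefix(data.len())?;
    dst.reserve(4 + data.len());
    // Assumption: big-endian header, which is what bytes::BufMut::put_u32 writes.
    dst.extend_from_slice(&prefix.to_be_bytes());
    dst.extend_from_slice(data);
    Ok(())
}

/// The frame length a decoder would read from the first 4 bytes.
fn decoded_len(frame: &[u8]) -> Option<u32> {
    if frame.len() < 4 {
        return None;
    }
    Some(u32::from_be_bytes([frame[0], frame[1], frame[2], frame[3]]))
}

fn main() -> io::Result<()> {
    let mut frame = Vec::new();
    encode(b"hello", &mut frame)?;
    println!("frame {:?}, decoder reads length {:?}", frame, decoded_len(&frame));
    #[cfg(target_pointer_width = "64")]
    {
        // Constructed length: 4 GiB + 5 bytes. Unchecked, the header would claim 5 bytes.
        let oversize = u32::MAX as usize + 6;
        println!("unchecked prefix: {}", truncating_prefix(oversize));
        println!("checked prefix: {:?}", checked_prefix(oversize).map_err(|e| e.kind()));
    }
    Ok(())
}
```

With the unchecked cast, a decoder reading the header of the oversize frame would take the first 5 bytes as one message and parse the remainder of the payload as further frames.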