Fix SpotifyId base 62 and 16 str decoding #1239

Merged

@lelloman (Contributor) commented Jan 3, 2024

A SpotifyId is expected to be a 128-bit integer and can be parsed from a base 62 or 16 string. However, the parsing functions only checked the validity of the characters of the string, but not its length. This could result in integer overflows or the parsing of incorrect strings as Spotify ids.

This commit adds some checks to the length of the input string passed to the parse functions, and also checks for integer overflows in case of base62 encoded strings.
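
The length and overflow checks described in the PR description above, as an added example that is not the PR's or librespot's own code. The function names, the error enum, the fixed lengths of 22 and 32 characters, and the digit order 0-9, a-z, A-Z are assumptions made for illustration.

```rust
// Added example: length- and overflow-checked ID parsing into a u128.
// All names, the fixed lengths and the digit order are assumptions.
const BASE62_LEN: usize = 22; // 62^21 < 2^128 < 62^22
const BASE16_LEN: usize = 32; // 32 hex digits * 4 bits = 128 bits

#[derive(Debug, PartialEq)]
pub enum IdError {
    BadLength,
    BadChar,
    Overflow,
}

fn base62_digit(c: u8) -> Option<u128> {
    match c {
        b'0'..=b'9' => Some((c - b'0') as u128),
        b'a'..=b'z' => Some((c - b'a') as u128 + 10),
        b'A'..=b'Z' => Some((c - b'A') as u128 + 36),
        _ => None,
    }
}

pub fn parse_base62(s: &str) -> Result<u128, IdError> {
    if s.len() != BASE62_LEN {
        return Err(IdError::BadLength);
    }
    let mut acc: u128 = 0;
    for &c in s.as_bytes() {
        let d = base62_digit(c).ok_or(IdError::BadChar)?;
        // 22 base62 digits can encode almost 131 bits, so check every step.
        acc = acc.checked_mul(62).and_then(|v| v.checked_add(d)).ok_or(IdError::Overflow)?;
    }
    Ok(acc)
}

pub fn parse_base16(s: &str) -> Result<u128, IdError> {
    if s.len() != BASE16_LEN {
        return Err(IdError::BadLength);
    }
    let mut acc: u128 = 0;
    for &c in s.as_bytes() {
        let d = (c as char).to_digit(16).ok_or(IdError::BadChar)? as u128;
        acc = (acc << 4) | d; // exactly 32 digits, so no bits are shifted out
    }
    Ok(acc)
}

fn main() {
    println!("{:?}", parse_base62("ZZZZZZZZZZZZZZZZZZZZZZ")); // constructed input
}
```

A 22-character string of the highest digit has the right length and only valid characters, yet exceeds 128 bits, which is why the length check alone is not enough for base 62.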

@roderickvd (Member) left a comment

Thanks! One small question.

core/src/spotify_id.rs (outdated, resolved)

@roderickvd (Member) left a comment

Please check the comments on line 105.

A SpotifyId is expected to be a 128-bit integer and can be parsed from a
base 62 or 16 string. However, the parsing functions only checked the validity of
the characters of the string, but not its length. This could result in integer
overflows or the parsing of incorrect strings as Spotify ids.

This commit adds some checks to the length of the input string passed to the
parse functions, and also checks for integer overflows in case of base62
encoded strings.

@lelloman lelloman force-pushed the fix-base62-16-id-decoding-overflow branch from 9024fa8 to ce5e2f2 Compare May 23, 2024 14:22
@lelloman lelloman requested a review from roderickvd May 23, 2024 14:25

@lelloman (Contributor, Author) commented

I guess that #1284 is needed to fix the failing clippy job?

@roderickvd roderickvd merged commit 7d45a94 into librespot-org:dev May 26, 2024
4 of 5 checks passed

@roderickvd (Member) commented

Thanks! Yes, the other PR is required to fix the clippy warnings.
