fix zero size element vector deserialize security issue #41
Ok(result) | ||
} | ||
} else { | ||
let mut result = Vec::with_capacity(hint::cautious::<T>(len)); |
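Review bot: on the `Vec::with_capacity(hint::cautious::<T>(len))` line in the `else` branch, nothing in the hunk says that this branch is only safe for element types with a non-zero size. A one-line comment on the `else` stating that `T` is not zero-sized here, plus a regression test that deserializes a vector of a zero-sized type, would keep a later refactor from routing such types back through `hint::cautious`.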
this `hint::cautious` also would divide by zero, when `size_of::<T>()` is 0. This is the only place affected and happens to be fixed here too.
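The divide-by-zero case from the comment above, as an added example that is not code from this PR or from borsh. It assumes the hint caps preallocation by dividing a byte budget by the element size; `cautious_capacity`, `Decode`, `decode_vec`, `MAX_PREALLOC_BYTES` and the policy of refusing non-empty vectors of zero-sized elements are all hypothetical.

```rust
use std::mem::size_of;

// Assumed byte budget for memory reserved on the word of an untrusted length prefix.
const MAX_PREALLOC_BYTES: usize = 4096;

/// Capacity to reserve for `len` elements of `T` (hypothetical, not borsh's function).
fn cautious_capacity<T>(len: u32) -> usize {
    match MAX_PREALLOC_BYTES.checked_div(size_of::<T>()) {
        None => 0, // zero-sized T: a plain `/` would panic; nothing to reserve
        Some(max_elems) => (len as usize).min(max_elems),
    }
}

/// Hypothetical element decoder that consumes bytes from the front of `buf`.
trait Decode: Sized {
    fn decode(buf: &mut &[u8]) -> Option<Self>;
}
impl Decode for () {
    fn decode(_buf: &mut &[u8]) -> Option<Self> { Some(()) }
}
impl Decode for u16 {
    fn decode(buf: &mut &[u8]) -> Option<Self> {
        if buf.len() < 2 { return None; }
        let v = u16::from_le_bytes([buf[0], buf[1]]);
        *buf = &buf[2..];
        Some(v)
    }
}

/// Reads a little-endian u32 length prefix, then that many elements.
fn decode_vec<T: Decode>(buf: &mut &[u8]) -> Option<Vec<T>> {
    if buf.len() < 4 { return None; }
    let len = u32::from_le_bytes([buf[0], buf[1], buf[2], buf[3]]);
    *buf = &buf[4..];
    // A zero-sized element consumes no input, so the prefix alone would set the
    // loop count. Policy assumed for this example: refuse such vectors.
    if size_of::<T>() == 0 && len > 0 { return None; }
    let mut out = Vec::with_capacity(cautious_capacity::<T>(len));
    for _ in 0..len {
        out.push(T::decode(buf)?); // truncated input fails here, after a bounded reserve
    }
    Some(out)
}

fn main() {
    // Constructed input: prefix claims u32::MAX elements, only one is present.
    let bytes: [u8; 6] = [0xff, 0xff, 0xff, 0xff, 0x01, 0x00];
    println!("{:?}", decode_vec::<u16>(&mut &bytes[..]));
}
```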
Please update documentation.
@@ -36,7 +36,7 @@ Why do we need yet another serialization format? Borsh is the first serializer t | |||
* Consistent means there is a bijective mapping between objects and their binary representations. There is no two binary representations that deserialize | |||
into the same object. This is extremely useful for applications that use binary representation to compute hash; | |||
* Borsh comes with a full specification that can be used for implementations in other languages; | |||
* Safe. Borsh implementations use safe coding practices. In Rust, Borsh uses only safe code; |
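Review bot: the "Safe" bullet as shown reads "In Rust, Borsh uses only safe code"; if the zero-size-element fix in this PR adds any `unsafe`, that sentence has to change with it. The list also says nothing about how vectors of zero-sized elements are treated, which implementations in other languages that follow the specification would need to know.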
Also the website, please.
See docs.
Thanks. Just updated, is the website auto deployed?
Sorry, seems it's auto reformat on save by the editor, I'll change it back now.
fixed
No description provided.