Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reject trailing bytes when deserializing from &[u8] #193

Closed
dtolnay opened this issue Jul 7, 2017 · 5 comments
Closed

Reject trailing bytes when deserializing from &[u8] #193

dtolnay opened this issue Jul 7, 2017 · 5 comments
Milestone

Comments

@dtolnay
Copy link
Collaborator

@dtolnay dtolnay commented Jul 7, 2017

In deserialize_from, it makes sense to allow deserializing multiple values from the same io::Read. But in deserialize, I think trailing data should be an error.

I would expect this to be an error rather than ignoring b"x":

extern crate bincode;

fn main() {
    println!("{:?}", bincode::deserialize::<char>(b"1x"));
}
@chrisdew
Copy link

@chrisdew chrisdew commented Jul 7, 2017

@dtolnay Is this issue in response to my question: #192 ?

Does it mean that multiple serialised messages (differing by trailing bytes) can deserialise to the same content?

@dtolnay
Copy link
Collaborator Author

@dtolnay dtolnay commented Jul 7, 2017

#192 (comment) gives a workaround to detect trailing bytes.

@dtolnay dtolnay added this to the 1.0 milestone Jul 20, 2017
@ZoeyR
Copy link
Collaborator

@ZoeyR ZoeyR commented Jul 23, 2017

I'm wondering if this is possible to achieve without incurring a performance penalty. The first method that came to mind was to modify the SliceReader struct, but the read methods on this struct may get called multiple times and there is no way to know if this is the last call so that method is out. The only other method that is immediatly obvious to me is to keep track of bytes read during the deserialization and error out at the end if bytes read and buffer length don't match. The issue with this method is that we would have to add code (Quite possibly to the sizelimit structs) to check this, which seems like it would be an unwanted amount of overhead. Especially in the common case of SizeLimit::Infinite

Edit: I've figured out a way to do this but the code ends up being much nicer if we can use pub(restricted). @dtolnay or @TyOverby are there any policies on the minimum Rust version bincode needs to compile on?

@dtolnay
Copy link
Collaborator Author

@dtolnay dtolnay commented Jul 23, 2017

Thanks for tackling this.

  • A constant overhead is fine (i.e. not linear in the number of input bytes).
  • Using pub(restricted) is fine. It can easily be replaced with #[doc(hidden)] if someone complains.
@TyOverby TyOverby modified the milestones: 1.0, post-1.0 Nov 15, 2017
@TyOverby
Copy link
Collaborator

@TyOverby TyOverby commented Nov 15, 2017

I'm moving this to post-1.0 because I don't think that it is fundamental to the library and can be added in a backwards compatible way with a config option.

The config option won't even need to be a compile-time reified config option either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

4 participants
You can’t perform that action at this time.