Merge pull request #342 from haberman/fuzz

Clamp 32-bit varints to 5 bytes to fix a fuzz failure.
Joshua Haberman 4 years ago committed by GitHub
commit 963e501aa6
  1. 4
      benchmarks/compare.py
  2. 29
      upb/decode.c

@ -45,7 +45,9 @@ def Benchmark(outbase, bench_cpu=True, runs=12, fasttable=False):
# Translate into the format expected by benchstat.
with open(outbase + ".txt", "w") as f:
for run in bench_json["benchmarks"]:
name = re.sub(r'^BM_', 'Benchmark', run["name"])
name = run["name"]
name = name.replace(" ", "")
name = re.sub(r'^BM_', 'Benchmark', name)
if name.endswith("_mean") or name.endswith("_median") or name.endswith("_stddev"):
continue
values = (name, run["iterations"], run["cpu_time"])

@ -219,13 +219,20 @@ static const char *decode_varint64(upb_decstate *d, const char *ptr,
}
UPB_FORCEINLINE
static const char *decode_varint32(upb_decstate *d, const char *ptr,
static const char *decode_tag(upb_decstate *d, const char *ptr,
uint32_t *val) {
uint64_t u64;
ptr = decode_varint64(d, ptr, &u64);
if (u64 > UINT32_MAX) decode_err(d);
*val = (uint32_t)u64;
return ptr;
uint64_t byte = (uint8_t)*ptr;
if (UPB_LIKELY((byte & 0x80) == 0)) {
*val = byte;
return ptr + 1;
} else {
const char *start = ptr;
decode_vret res = decode_longvarint64(ptr, byte);
ptr = res.ptr;
*val = res.val;
if (!ptr || *val > UINT32_MAX || ptr - start > 5) decode_err(d);
return ptr;
}
}
static void decode_munge(int type, wireval *val) {
@ -545,7 +552,7 @@ static const char *decode_msg(upb_decstate *d, const char *ptr, upb_msg *msg,
int op;
UPB_ASSERT(ptr < d->limit_ptr);
ptr = decode_varint32(d, ptr, &tag);
ptr = decode_tag(d, ptr, &tag);
field_number = tag >> 3;
wire_type = tag & 7;
@ -573,13 +580,15 @@ static const char *decode_msg(upb_decstate *d, const char *ptr, upb_msg *msg,
break;
case UPB_WIRE_TYPE_DELIMITED: {
int ndx = field->descriptortype;
uint64_t size;
if (_upb_isrepeated(field)) ndx += 18;
ptr = decode_varint32(d, ptr, &val.size);
if (val.size >= INT32_MAX ||
ptr - d->end + (int32_t)val.size > d->limit) {
ptr = decode_varint64(d, ptr, &size);
if (size >= INT32_MAX ||
ptr - d->end + (int32_t)size > d->limit) {
decode_err(d); /* Length overflow. */
}
op = delim_ops[ndx];
val.size = size;
break;
}
case UPB_WIRE_TYPE_START_GROUP:
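Review bot: In decode_tag (first hunk of upb/decode.c), the test `*val > UINT32_MAX` on the line `if (!ptr || *val > UINT32_MAX || ptr - start > 5) decode_err(d);` can never be true, because `*val` is a `uint32_t` (per the `uint32_t *val` parameter) and was just assigned the truncated `res.val` on the previous line. A 5-byte varint can still carry up to 35 bits, so a tag with its high bits set is silently truncated to a different field number/wire type instead of being rejected; compare the untruncated value instead: `if (!ptr || res.val > UINT32_MAX || ptr - start > 5) decode_err(d);`. The 5-byte clamp itself matches the description and looks right; the `!ptr` branch presumably covers decode_longvarint64 signalling an over-long varint, which is not visible in this diff. A one-line comment above decode_tag noting that the first-byte read relies on the caller's `UPB_ASSERT(ptr < d->limit_ptr)` (visible in the second hunk) would make that precondition explicit.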
