P1 and P2 are specified to represent 10 bytes of ASCII characters, this is not enforced because UTF-8 is used to encode and decode the byte values. UTF-8 characters are of variable length so the string "😊😊ö", which is 3 characters but 10 bytes long, can be serialized and deserialized.
Strings with whitespace, and I'm assuming control characters, can be serialized and deserialized.
The only thing that is actually enforced is that the strings are exactly 10 bytes long when serialized.
Suggested fix:
Add checks to ensure that the char codes for each serialized character and deserialized byte lie within the valid range [33, 126] or [0x21, 0x7E] (inclusive). This range corresponds to ASCII characters from "!" to "~", all ASCII characters except for control characters and whitespace.
It's also possible to use US-ASCII as the charset, but this does not enforce that no control or whitespace characters are in the string.
P1 and P2 are specified to represent 10 bytes of ASCII characters, this is not enforced because UTF-8 is used to encode and decode the byte values. UTF-8 characters are of variable length so the string "😊😊ö", which is 3 characters but 10 bytes long, can be serialized and deserialized.
Strings with whitespace, and I'm assuming control characters, can be serialized and deserialized.
The only thing that is actually enforced is that the strings are exactly 10 bytes long when serialized.
Suggested fix: Add checks to ensure that the char codes for each serialized character and deserialized byte lie within the valid range [33, 126] or [0x21, 0x7E] (inclusive). This range corresponds to ASCII characters from "!" to "~", all ASCII characters except for control characters and whitespace.
It's also possible to use US-ASCII as the charset, but this does not enforce that no control or whitespace characters are in the string.
To decide on a good range of valid characters this helps: http://www.asciitable.com/