The situation is that BytesUncompressed() returns serialized bytes in a "trusted" fashion -- that is, simply the X and Y coordinates to be deserialized later. That's fine, but in SetBytesUncompressed(..., trusted bool) we allow both trusted and untrusted deserialization. So if you call SetBytesUncompressed(...) with the wrong trusted flag then it will fail.
The reality is that we don't use uncompressed bytes serialization from untrusted sources in any place in geth (at least for now), so what I do here is to be a bit more clear about expectations in the API.
Concretely, rename to BytesUncompressedTrusted() which gives a clear signal that in the future those bytes can be deserialized with SetBytesUncompressed(..., true).
This PR fixes a situation found by @advaita-saha.
The situation is that
BytesUncompressed()
returns serialized bytes in a "trusted" fashion -- that is, simply the X and Y coordinates to be deserialized later. That's fine, but inSetBytesUncompressed(..., trusted bool)
we allow both trusted and untrusted deserialization. So if you callSetBytesUncompressed(...)
with the wrongtrusted
flag then it will fail.The reality is that we don't use uncompressed bytes serialization from untrusted sources in any place in geth (at least for now), so what I do here is to be a bit more clear about expectations in the API.
Concretely, rename to
BytesUncompressedTrusted()
which gives a clear signal that in the future those bytes can be deserialized withSetBytesUncompressed(..., true)
.I added a test that shows this case.