search

paritytech / parity-common

Collection of crates used in Parity projects
https://www.paritytech.io/
Apache License 2.0
290 stars 218 forks source link

rlp: handling extra data #773

Open divagant-martian opened 1 year ago

divagant-martian commented 1 year ago

Unsure if this a bug or an api shortcoming.

When decoding bytes that have extra data, I would expect one of:

  1. an error on decoding
  2. a way to know the number of bytes that were readed, to externally deal with trailing data

example:

let input = vec![123, 32, 4, 156, 231, 200];
let mut stream = rlp::RlpStream::new();
input.rlp_append(&mut stream);
let bytes = stream.out().freeze();

let mut extra_data = bytes.to_vec();
extra_data.push(23);
extra_data.push(40);

rlp::decode::<Vec<u8>>(&extra_data).expect_err("extra data should not be ignored");
divagant-martian commented 1 year ago

rlp seems to accept concatenations of valid rlp data as valid rlp data, I think this is a bug. Take for example [193, 75] this is a one element list with payload 75 [193, 75, 248] this as a whole is not valid rlp data. It's also not valid as concatenation of rlp data. This is not rejected [193, 75, 75] as a whole is also not valid rlp data. However: [193, 75, 75] still produces item_count() = 2, and an iter that gives 75 and 75