tafia / quick-protobuf

A rust implementation of protobuf parser

Nested messages, subtraction with overflow panic #211

Open koivunej opened 2 years ago

koivunej commented 2 years ago

I am not sure how to fix this. Here's a reproducer that works on top of 75a0517 in quick-protobuf/src/reader.rs.

// Reproducer for the "subtraction with overflow" panic reported in this issue:
// reading a nested message from a short byte buffer ends in a panic rather
// than an `Err`. A decoder that is handed untrusted bytes should report
// malformed input as an error, since a panic aborts the calling thread.
#[test]
fn read_foomessage_panic() {
    // Eight-byte input. As the assertions below show, `0` decodes as tag 0,
    // `138, 1` is the varint for tag 138 and `170, 1` is the varint for tag 170.
    // NOTE(review): `93` is presumably the value skipped by read_unknown, the
    // `1` after tag 138 the nested message's length prefix, and the trailing
    // `0` the packed field's length. If so, the two-byte tag 170 is longer
    // than the declared nested length of 1. Confirm against reader.rs.
    let bytes = &[0, 93, 138, 1, 1, 170, 1, 0];
    let mut r = BytesReader::from_bytes(bytes);

    // First field: tag 0, whose payload is skipped as an unknown field.
    assert!(!r.is_eof());
    assert_eq!(r.next_tag(bytes).unwrap(), 0);
    r.read_unknown(bytes, 0).unwrap();

    // Second field: tag 138, read as a nested message through `Example` below.
    assert!(!r.is_eof());
    assert_eq!(r.next_tag(bytes).unwrap(), 138);
    r.read_message::<Example>(bytes).unwrap();

    // Minimal message type whose only job is to drive the reader into the
    // failing call from inside a nested-message read.
    struct Example;

    impl<'a> MessageRead<'a> for Example {
        fn from_reader(r: &mut BytesReader, bytes: &'a [u8]) -> Result<Self> {
            assert!(!r.is_eof());
            assert_eq!(r.next_tag(bytes).unwrap(), 170);

            // there's nothing to read for the nested message
            assert_eq!(r.len(), 0);

            // this will call BytesReader::len which will trigger the subtraction with overflow
            // NOTE(review): "subtraction with overflow" is the overflow-check
            // panic. With overflow checks disabled (the default for release
            // profiles) an unchecked subtraction wraps to a very large value
            // instead of panicking. Confirm how `len` is computed in reader.rs;
            // a checked subtraction that returns an error would cover both cases.
            r.read_packed_fixed::<&[f32]>(bytes).unwrap();
            // Not reached while the bug reproduces: the call above panics first.
            unreachable!()
        }
    }
}

Found with #210.