infinity0
commented
3 years ago ping again on this :)
In case it wasn't clear, my last comment boils down to modifying this PR to instead have
tryDeserialise :: Serialise a => ByteString -> Either DeserialiseFailure (ByteString, a)
tryDeserialise = deserialiseFromBytes decodethe main purpose being to allow the user to avoid a direct dependency on cborg whilst also having full control over the decode process -- analogous to Data.Binary.decodeOrFail
This is useful in protocol-related logic where you want to be strict as possible and don't allow an attacker to send junk after a valid piece of data.