Fix UTF-8 unsoundness in string::merge #194
Merged
Commits on Jun 9, 2019
-
Merge string value without as_mut_vec unsoundness
In case of an encoding error in string::merge, the appended string value is left with broken UTF-8 in case of an error. The same can happen if any of the Buf methods panics. This results in UB if the string value is used after the error return or in unwind, respectively. Change the implementation to truncate the string back to valid UTF-8 content in any code path that does not go through validation of the newly appended bytes.
-
Unit test for string::merge failure
Test that adding an invalid UTF-8 sequence results in an error, and that the string is reverted to its state prior to the merge call.
Commits on Jun 10, 2019
-
Safe reimplementation of string::merge
As suggested by Dan Burkert: https://github.com/danburkert/prost/pull/194#discussion_r292096009 The existing string value is dropped in case of a merge failure, but this is better than exposing an invalid value.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.