Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: decoding CBOR byte string into time.Time is allowed if decoding option DefaultByteStringType is set to reflect.TypeOf("") #501

Closed
fxamacker opened this issue Mar 3, 2024 · 3 comments
Closed

Bug: decoding CBOR byte string into time.Time is allowed if decoding option DefaultByteStringType is set to reflect.TypeOf("") #501

fxamacker opened this issue Mar 3, 2024 · 3 comments
Assignees
@benluddy
Labels
bug Something isn't working

Comments

@fxamacker
Copy link
Owner

fxamacker commented Mar 3, 2024
edited
Loading

DefaultByteStringType is a new decoding option that was recently added in v2.6.0.

Setting decoding option DefaultByteStringType to reflect.TypeOf("") causes unintended side effect of allowing CBOR byte string to be decoded into time.Time. Although decoding CBOR byte string into time.Time is a requested feature, it should not be allowed by a side effect.

Specifically, parse() decodes CBOR byte string into Go string if decoding option DefaultByteStringType is set to reflect.TypeOf("").

parseToTime() converts decoded Go value from parse() to time.Time, so CBOR byte string is decoded to Go string, which is then converted to time.Time.

This side effect is from implementation details and is not intended. DefaultByteStringType should be limited to its documented use.

        // DefaultByteStringType is the Go type that should be produced when decoding a CBOR byte
	// string into an empty interface value. Types to which a []byte is convertible are valid
	// for this option, except for array and pointer-to-array types. If nil, the default is
	// []byte.

Thanks @benluddy for initial discussion about this at #497. 👍
@fxamacker fxamacker added the bug Something isn't working label Mar 3, 2024
@fxamacker fxamacker self-assigned this Mar 3, 2024
@benluddy
Copy link
Contributor

benluddy commented Mar 4, 2024

@fxamacker If you haven't already started on this one, I'm happy to pick it up. Just let me know!

@fxamacker
Copy link
Owner Author

@fxamacker If you haven't already started on this one, I'm happy to pick it up. Just let me know!

@benluddy Thanks! That would be great! 👍 Now I'm glad I updated the fuzzer on Sunday rather than work on this. 😄

@fxamacker fxamacker assigned benluddy and unassigned fxamacker Mar 4, 2024
@benluddy benluddy mentioned this issue Mar 5, 2024
Merged
8 tasks
@fxamacker
Copy link
Owner Author

Closed by #503

@benluddy benluddy mentioned this issue Apr 24, 2024
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benluddy benluddy

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@benluddy @fxamacker