diff options
Diffstat (limited to 'js/binary/decoder.js')
-rw-r--r-- | js/binary/decoder.js | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/js/binary/decoder.js b/js/binary/decoder.js index a38a5011..6db28e7c 100644 --- a/js/binary/decoder.js +++ b/js/binary/decoder.js @@ -582,24 +582,27 @@ jspb.BinaryDecoder.prototype.readUnsignedVarint32 = function() { x |= (temp & 0x0F) << 28; if (temp < 128) { // We're reading the high bits of an unsigned varint. The byte we just read - // also contains bits 33 through 35, which we're going to discard. + // also contains bits 33 through 35, which we're going to discard. Those + // bits _must_ be zero, or the encoding is invalid. + goog.asserts.assert((temp & 0xF0) == 0); this.cursor_ += 5; goog.asserts.assert(this.cursor_ <= this.end_); return x >>> 0; } - // If we get here, we need to truncate coming bytes. However we need to make - // sure cursor place is correct. - var i = 5; - do { - goog.asserts.assert(i < 10); - if (bytes[this.cursor_ + i] < 128) { - break; - } - i++; - } while (1); + // If we get here, we're reading the sign extension of a negative 32-bit int. + // We can skip these bytes, as we know in advance that they have to be all + // 1's if the varint is correctly encoded. Since we also know the value is + // negative, we don't have to coerce it to unsigned before we return it. + + goog.asserts.assert((temp & 0xF0) == 0xF0); + goog.asserts.assert(bytes[this.cursor_ + 5] == 0xFF); + goog.asserts.assert(bytes[this.cursor_ + 6] == 0xFF); + goog.asserts.assert(bytes[this.cursor_ + 7] == 0xFF); + goog.asserts.assert(bytes[this.cursor_ + 8] == 0xFF); + goog.asserts.assert(bytes[this.cursor_ + 9] == 0x01); - this.cursor_ += i + 1; + this.cursor_ += 10; goog.asserts.assert(this.cursor_ <= this.end_); return x; }; |