From c18aa7795a2e02ef700ff8b039d94ecdcc33432f Mon Sep 17 00:00:00 2001 From: Thomas Van Lenten Date: Wed, 29 Jun 2016 09:51:13 -0400 Subject: Validate the tag numbers when parsing. (#1725) There was a twist code path (that some times showed up due to what happened to be in memory in failure cases), that would cast a bogus wire type into the enum, and then fall through switch statements. Resolve this by validating all wire types when parsing tags and throwing the error at that point so it can't enter the system. As added safety, stick in a few asserts for apis that get passed tags to ensure they also are only seeing valid data. Bonus: Tweak the parsing loop to skip some work when we get the end marker (zero tag) instead of still looping through all the fields. --- objectivec/GPBWireFormat.m | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'objectivec/GPBWireFormat.m') diff --git a/objectivec/GPBWireFormat.m b/objectivec/GPBWireFormat.m index 193235d6..860a339f 100644 --- a/objectivec/GPBWireFormat.m +++ b/objectivec/GPBWireFormat.m @@ -49,6 +49,13 @@ uint32_t GPBWireFormatGetTagFieldNumber(uint32_t tag) { return GPBLogicalRightShift32(tag, GPBWireFormatTagTypeBits); } +BOOL GPBWireFormatIsValidTag(uint32_t tag) { + uint32_t formatBits = (tag & GPBWireFormatTagTypeMask); + // The valid GPBWireFormat* values are 0-5, anything else is not a valid tag. + BOOL result = (formatBits <= 5); + return result; +} + GPBWireFormat GPBWireFormatForType(GPBDataType type, BOOL isPacked) { if (isPacked) { return GPBWireFormatLengthDelimited; -- cgit v1.2.3