aboutsummaryrefslogtreecommitdiff
path: root/src/serialize.h
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2018-03-19 17:25:53 +0100
committerWladimir J. van der Laan <laanwj@gmail.com>2018-03-19 17:26:43 +0100
commitee7b67e2784a5f08dffa6b05cee0e64c53a693c8 (patch)
tree9c4df5c9440f9dd5d787e9f1af2c5703c0f62d96 /src/serialize.h
parentebdf84c9601e7a3ccf66974b5efba67f6d064456 (diff)
parent499d95e278f34790660a2b9baf5525e0def1485a (diff)
Merge #9753: Add static_assert to prevent VARINT(<signed value>)
499d95e27 Add static_assert to prevent VARINT(<signed value>) (Russell Yanofsky) Pull request description: Using VARINT with signed types is dangerous because negative values will appear to serialize correctly, but then deserialize as positive values mod 128. This commit changes the VARINT macro to trigger a compile error by default if called with an signed value, and it updates existing broken uses of VARINT to pass a special flag that lets them keep working with no changes in behavior. There is some discussion about this issue here: https://github.com/bitcoin/bitcoin/pull/9693#issuecomment-278701473. I think another good change along these lines would be to make `GetSizeOfVarInt` and `WriteVarInt` throw exceptions if they are passed numbers less than 0 to serialize. But unlike this change, that would be a change in runtime behavior, and need more consideration. Tree-SHA512: 082c65598cfac6dc1da042bdb47dbc9d5d789fc849fe52921cc238578588f4e5ff976c8b4b2ce42cb75290eb14f3b42ea76e26202c223c5b2aa63ef45c2ea3cc
Diffstat (limited to 'src/serialize.h')
-rw-r--r--src/serialize.h42
1 files changed, 33 insertions, 9 deletions
diff --git a/src/serialize.h b/src/serialize.h
index c454ba16b7..91da6b0f80 100644
--- a/src/serialize.h
+++ b/src/serialize.h
@@ -296,9 +296,31 @@ uint64_t ReadCompactSize(Stream& is)
* 2^32: [0x8E 0xFE 0xFE 0xFF 0x00]
*/
-template<typename I>
+/**
+ * Mode for encoding VarInts.
+ *
+ * Currently there is no support for signed encodings. The default mode will not
+ * compile with signed values, and the legacy "nonnegative signed" mode will
+ * accept signed values, but improperly encode and decode them if they are
+ * negative. In the future, the DEFAULT mode could be extended to support
+ * negative numbers in a backwards compatible way, and additional modes could be
+ * added to support different varint formats (e.g. zigzag encoding).
+ */
+enum class VarIntMode { DEFAULT, NONNEGATIVE_SIGNED };
+
+template <VarIntMode Mode, typename I>
+struct CheckVarIntMode {
+ constexpr CheckVarIntMode()
+ {
+ static_assert(Mode != VarIntMode::DEFAULT || std::is_unsigned<I>::value, "Unsigned type required with mode DEFAULT.");
+ static_assert(Mode != VarIntMode::NONNEGATIVE_SIGNED || std::is_signed<I>::value, "Signed type required with mode NONNEGATIVE_SIGNED.");
+ }
+};
+
+template<VarIntMode Mode, typename I>
inline unsigned int GetSizeOfVarInt(I n)
{
+ CheckVarIntMode<Mode, I>();
int nRet = 0;
while(true) {
nRet++;
@@ -312,9 +334,10 @@ inline unsigned int GetSizeOfVarInt(I n)
template<typename I>
inline void WriteVarInt(CSizeComputer& os, I n);
-template<typename Stream, typename I>
+template<typename Stream, VarIntMode Mode, typename I>
void WriteVarInt(Stream& os, I n)
{
+ CheckVarIntMode<Mode, I>();
unsigned char tmp[(sizeof(n)*8+6)/7];
int len=0;
while(true) {
@@ -329,9 +352,10 @@ void WriteVarInt(Stream& os, I n)
} while(len--);
}
-template<typename Stream, typename I>
+template<typename Stream, VarIntMode Mode, typename I>
I ReadVarInt(Stream& is)
{
+ CheckVarIntMode<Mode, I>();
I n = 0;
while(true) {
unsigned char chData = ser_readdata8(is);
@@ -351,7 +375,7 @@ I ReadVarInt(Stream& is)
}
#define FLATDATA(obj) CFlatData((char*)&(obj), (char*)&(obj) + sizeof(obj))
-#define VARINT(obj) WrapVarInt(REF(obj))
+#define VARINT(obj, ...) WrapVarInt<__VA_ARGS__>(REF(obj))
#define COMPACTSIZE(obj) CCompactSize(REF(obj))
#define LIMITED_STRING(obj,n) LimitedString< n >(REF(obj))
@@ -395,7 +419,7 @@ public:
}
};
-template<typename I>
+template<VarIntMode Mode, typename I>
class CVarInt
{
protected:
@@ -405,12 +429,12 @@ public:
template<typename Stream>
void Serialize(Stream &s) const {
- WriteVarInt<Stream,I>(s, n);
+ WriteVarInt<Stream,Mode,I>(s, n);
}
template<typename Stream>
void Unserialize(Stream& s) {
- n = ReadVarInt<Stream,I>(s);
+ n = ReadVarInt<Stream,Mode,I>(s);
}
};
@@ -461,8 +485,8 @@ public:
}
};
-template<typename I>
-CVarInt<I> WrapVarInt(I& n) { return CVarInt<I>(n); }
+template<VarIntMode Mode=VarIntMode::DEFAULT, typename I>
+CVarInt<Mode, I> WrapVarInt(I& n) { return CVarInt<Mode, I>{n}; }
/**
* Forward declarations