Comments (3)
So, the BEVE code currently expects valid data. Your example shows how out-of-bounds reads will occur for invalid data.
I tend to think checks should be added to ensure we don't read out of bounds. However, these errors should only occur if data is being incorrectly written, corrupted, or maliciously manipulated. We don't expect data to be incorrectly written, because we don't expect humans to be writing binary. Corruption and malicious manipulation can be handled through checksums and other security mechanisms. So, adding checks everywhere for incorrect serialization hasn't been a concern.
I'm curious under what condition you are either experiencing this problem or worried about it occurring?
I do think it is worth adding end buffer checks because the overhead is not very high and it adds another layer of protection. But, it just hasn't been a problem, and thus not addressed yet.
from glaze.
Adding more end of buffer and invalid binary checks in #945
from glaze.
We do need full end of buffer checking for open APIs, so this issue will be fully addressed in the future. In the meantime I have added a warning about using BEVE in open contexts to the documentation (binary.md).
from glaze.
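The end-of-buffer checking discussed in the comments above, as an added example that is not glaze's code and not part of the thread: a reader for a constructed length-prefixed format (not BEVE's wire format; `Reader` and `read_strings` are hypothetical names) that validates every declared size against the bytes remaining before it reads or allocates.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <string_view>
#include <vector>

// Constructed toy format (NOT BEVE's wire format), all little-endian:
//   u32 count, then count * { u32 length, length bytes }
struct Reader {
    const unsigned char* it;
    const unsigned char* end;
    std::size_t remaining() const { return static_cast<std::size_t>(end - it); }

    // End-of-buffer check before every fixed-width read.
    std::optional<std::uint32_t> u32() {
        if (remaining() < 4) return std::nullopt;
        std::uint32_t v = std::uint32_t(it[0]) | std::uint32_t(it[1]) << 8 |
                          std::uint32_t(it[2]) << 16 | std::uint32_t(it[3]) << 24;
        it += 4;
        return v;
    }

    // Compare the declared length with what is left; never form `it + n`
    // first, because that pointer arithmetic can itself leave the buffer.
    std::optional<std::string_view> bytes(std::size_t n) {
        if (n > remaining()) return std::nullopt;
        std::string_view sv(reinterpret_cast<const char*>(it), n);
        it += n;
        return sv;
    }
};

std::optional<std::vector<std::string>> read_strings(const unsigned char* data, std::size_t size) {
    Reader r{data, data + size};
    auto count = r.u32();
    // Every element needs at least a 4-byte length header, so a larger count
    // cannot be valid and must not be allowed to drive reserve().
    if (!count || *count > r.remaining() / 4) return std::nullopt;
    std::vector<std::string> out;
    out.reserve(*count);
    for (std::uint32_t i = 0; i < *count; ++i) {
        auto len = r.u32();
        auto sv = len ? r.bytes(*len) : std::nullopt;
        if (!sv) return std::nullopt;  // truncated header or lying length
        out.emplace_back(*sv);
    }
    if (r.remaining() != 0) return std::nullopt;  // reject trailing bytes
    return out;
}
```

A checksum over the buffer detects corruption in transit, but only checks like these stop a well-formed-looking header from steering the reader past the end of the data.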