CBOR serialisation crashes

[marius-se]

Similar to SwiftCBOR trying to serialise a lot of invalid CBOR data crashes the entire app. Here is a small reproducible project:

potent_cbor_crash.zip

I saw that the Go CBOR library has different serialisation modes (one specifically for WebAuthn, which is the target application I'm working on) and a "wellformed" check (which IIRC is optional), maybe we could implement something similar for PotentCBOR to work around this crash?

[kdubb]

I'm very much in support of doing all we can to ensure ill-formed data is reported but doesn't crash the app.

I assume throwing an error is fine?

Thanks for reproducer!

[marius-se]

Cool! Yeah throwing an error should be fine! Adding the wellformed checks will likely decrease performance, so maybe we should make it optional?

[kdubb]

I'm not sure all the checks that Go CBOR does but I would say safety is a concern and CBOR is generally used for the externally sourced data (e.g. network, etc.)... disabling safety for a small performance gain is not really something that should be done.

I ran your reproducer and for that case it seems to simply need a loop counter and to check it against a maximum on every nested call. I can't imagine that disabling that would show any performance advantage.

[marius-se]

Oh okay! I don't really know how CBOR or the safety checks work under the hood, but if it's really just a nested level check you're right and it shouldn't kill performance!