a collection of lightweight TypeScript packages for AT Protocol, the protocol powering Bluesky
atproto
bluesky
typescript
npm
fix(cbor): throw on non-canonical argument encoding
+30
-6
+5
.changeset/silver-candies-shake.md
+5
.changeset/silver-candies-shake.md
+25
-6
packages/utilities/cbor/lib/decode.ts
+25
-6
packages/utilities/cbor/lib/decode.ts
···
14
14
return info;
15
15
}
16
16
17
+
let arg: number;
17
18
switch (info) {
18
19
case 24: {
19
-
return readUint8(state);
20
+
arg = readUint8(state);
21
+
if (arg < 24) {
22
+
throw new TypeError(`non-canonical argument encoding`);
23
+
}
24
+
break;
20
25
}
21
26
case 25: {
22
-
return readUint16(state);
27
+
arg = readUint16(state);
28
+
if (arg < 0x100) {
29
+
throw new TypeError(`non-canonical argument encoding`);
30
+
}
31
+
break;
23
32
}
24
33
case 26: {
25
-
return readUint32(state);
34
+
arg = readUint32(state);
35
+
if (arg < 0x10000) {
36
+
throw new TypeError(`non-canonical argument encoding`);
37
+
}
38
+
break;
26
39
}
27
40
case 27: {
28
-
return readUint53(state);
41
+
arg = readUint53(state);
42
+
if (arg < 0x100000000) {
43
+
throw new TypeError(`non-canonical argument encoding`);
44
+
}
45
+
break;
46
+
}
47
+
default: {
48
+
throw new Error(`invalid argument encoding; got ${info}`);
29
49
}
30
50
}
31
-
32
-
throw new Error(`invalid argument encoding; got ${info}`);
51
+
return arg;
33
52
};
34
53
35
54
const readFloat64 = (state: State): number => {