Package: node-cbor Version: 8.1.0+dfsg+~cs5.2.1-3 Severity: normal File: /usr/bin/cbor2comment
cbor2comment can throw an exception when a null is deserialized: $ cat >data <<-EOF AKViaWQAaHNlbGVjdG9yoWRwYXRoTi9tZW1vcnkvdmF1bHQvZ3JlY3Vyc2WhZ2Jvb2xlYW71ZGtp bmRqY3JlZGVudGlhbGRib2R5rGh1c2VybmFtZaFnbGl0ZXJhbENmb29mc2VjcmV0oWNhbnn2aGF1 dGh0eXBloWNhbnn2ZGtpbmShZ2xpdGVyYWxjYXBpaHByb3RvY29soWdsaXRlcmFsZWh0dHBzZGhv c3ShZ2xpdGVyYWxvZ2l0LmV4YW1wbGUuY29tZXRpdGxloWdsaXRlcmFseB1HaXQ6IGh0dHBzOi8v Z2l0LmV4YW1wbGUuY29tL2tkZXNjcmlwdGlvbqFjYW559mRwYXRooWNhbnn2Z3NlcnZpY2WhZ2xp dGVyYWxjZ2l0ZWV4dHJhoGJpZKFnbGl0ZXJhbFiAODhkMmQ3Njc4YzEyNzdmODFiMzhmZWJkOWQ5 M2Y0ZDc0ZGY4OGYyNzIwOTYwMzA4YTFjY2VjZmI1N2QzNjVmNTNiMTAyMjc2YmQ1YjQ0MjcwMjkz ZDQzNDU4M2RkMmVmNmMxZGViODdmYzI5NTA4YTc2YjI3YjA3OTgyNmI3MDYK EOF $ base64 -d data | cbor2comment [Some data...] f6 -- {Val:0}, TypeError: Cannot read properties of null (reading 'Symbol(nodejs.util.inspect.custom)') at Object.cborValueToString (/usr/share/nodejs/cbor/lib/utils.js:246:21) at Commented._on_value (/usr/share/nodejs/cbor/lib/commented.js:336:23) at Decoder.emit (node:events:517:28) at Decoder._parse (/usr/share/nodejs/cbor/lib/decoder.js:555:12) at _parse.next (<anonymous>) at Decoder._transform (/usr/share/nodejs/cbor/vendor/binary-parse-stream/index.js:53:29) at Transform._write (node:internal/streams/transform:175:8) at writeOrBuffer (node:internal/streams/writable:392:12) at _write (node:internal/streams/writable:333:10) at Writable.write (node:internal/streams/writable:337:10) I expected cbor2comment to print the data, including the null, without throwing an exception or truncating the dump. I should note that cbor2json works, but because my data structure uses byte strings heavily, the dump is effectively unreadable. I have not found other non-null data that triggers an error. In case it is useful to know, the data structure was serialized using the Rust library serde_cbor. It's test data and is not sensitive, so feel free to share it, add it to the testsuite, etc. I believe this may be fixed with PR #188 upstream (in v9.0.2), but I'm unsure. In any event, I expect it's easy to verify one way or the other with the steps above. -- System Information: Debian Release: trixie/sid APT prefers oldstable-security APT policy: (500, 'oldstable-security'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.6.9-amd64 (SMP w/20 CPU threads; PREEMPT) Kernel taint flags: TAINT_USER, TAINT_WARN Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages node-cbor depends on: ii node-bignumber 9.1.1-1 ii node-commander 9.4.1-1 ii nodejs 18.19.0+dfsg-6 node-cbor recommends no packages. node-cbor suggests no packages. -- no debconf information -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
signature.asc
Description: PGP signature