Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-event-stream for openSUSE:Factory checked in at 2026-03-20 21:20:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-event-stream (Old) and /work/SRC/openSUSE:Factory/.aws-c-event-stream.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-event-stream" Fri Mar 20 21:20:18 2026 rev:11 rq:1341439 version:0.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-event-stream/aws-c-event-stream.changes 2026-01-09 17:07:00.104728861 +0100 +++ /work/SRC/openSUSE:Factory/.aws-c-event-stream.new.8177/aws-c-event-stream.changes 2026-03-20 21:20:56.068315728 +0100 @@ -1,0 +2,6 @@ +Tue Mar 17 13:22:05 UTC 2026 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.6.0 + * Fix possible overflow by @TingDaoK in (#139) + +------------------------------------------------------------------- Old: ---- v0.5.9.tar.gz New: ---- v0.6.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-event-stream.spec ++++++ --- /var/tmp/diff_new_pack.TQ0QCk/_old 2026-03-20 21:20:56.820347059 +0100 +++ /var/tmp/diff_new_pack.TQ0QCk/_new 2026-03-20 21:20:56.820347059 +0100 @@ -1,7 +1,7 @@ # # spec file for package aws-c-event-stream # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define library_version 1.0.0 %define library_soversion 1 Name: aws-c-event-stream -Version: 0.5.9 +Version: 0.6.0 Release: 0 Summary: C99 implementation of the vnd.amazon.eventstream content-type License: Apache-2.0 ++++++ v0.5.9.tar.gz -> v0.6.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-event-stream-0.5.9/include/aws/event-stream/event_stream.h new/aws-c-event-stream-0.6.0/include/aws/event-stream/event_stream.h --- old/aws-c-event-stream-0.5.9/include/aws/event-stream/event_stream.h 2025-12-11 18:20:00.000000000 +0100 +++ new/aws-c-event-stream-0.6.0/include/aws/event-stream/event_stream.h 2026-03-05 00:20:57.000000000 +0100 @@ -24,12 +24,13 @@ * This is encoded on the wire in 4 bytes, and could technically be larger (up to INT32_MAX). */ #define AWS_EVENT_STREAM_MAX_HEADERS_SIZE (AWS_EVENT_STREAM_MAX_MESSAGE_SIZE) -/* Max header name length is 127 bytes. - * This is encoded on the wire in 1 byte, it cannot change. */ -#define AWS_EVENT_STREAM_HEADER_NAME_LEN_MAX (INT8_MAX) +/* Max header name length is 255 bytes. + * This is encoded on the wire in 1 byte as unsigned int, it cannot change. */ +#define AWS_EVENT_STREAM_HEADER_NAME_LEN_MAX (UINT8_MAX) /* Max header value length is 32767 bytes. - * This is encoded on the wire in 2 bytes, it cannot change. */ + * This is encoded on the wire in 2 bytes as unsigned int, but we followed Java implementation to limit to 32767. + * https://github.com/awslabs/aws-eventstream-java/blob/1e76ef478f0108b38e2d7b70b598b4e5f0def3d1/src/main/java/software/amazon/eventstream/Utils.java#L34-L40*/ #define AWS_EVENT_STREAM_HEADER_VALUE_LEN_MAX (INT16_MAX) enum aws_event_stream_errors { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-event-stream-0.5.9/source/event_stream.c new/aws-c-event-stream-0.6.0/source/event_stream.c --- old/aws-c-event-stream-0.5.9/source/event_stream.c 2025-12-11 18:20:00.000000000 +0100 +++ new/aws-c-event-stream-0.6.0/source/event_stream.c 2026-03-05 00:20:57.000000000 +0100 @@ -247,7 +247,6 @@ /* get the header info from the buffer, make sure to increment buffer offset. */ aws_byte_cursor_read_u8(&buffer_cur, &header.header_name_len); - AWS_RETURN_ERROR_IF(header.header_name_len <= INT8_MAX, AWS_ERROR_EVENT_STREAM_MESSAGE_INVALID_HEADERS_LEN); AWS_RETURN_ERROR_IF( aws_byte_cursor_read(&buffer_cur, header.header_name, (size_t)header.header_name_len), AWS_ERROR_EVENT_STREAM_BUFFER_LENGTH_MISMATCH); @@ -706,8 +705,6 @@ int8_t copy) { AWS_FATAL_PRECONDITION(headers); AWS_RETURN_ERROR_IF( - name_len <= AWS_EVENT_STREAM_HEADER_NAME_LEN_MAX, AWS_ERROR_EVENT_STREAM_MESSAGE_INVALID_HEADERS_LEN); - AWS_RETURN_ERROR_IF( value_len <= AWS_EVENT_STREAM_HEADER_VALUE_LEN_MAX, AWS_ERROR_EVENT_STREAM_MESSAGE_INVALID_HEADERS_LEN); struct aws_event_stream_header_value_pair header = { .header_name_len = name_len, @@ -1032,8 +1029,6 @@ AWS_FATAL_PRECONDITION(headers); AWS_FATAL_PRECONDITION(name); AWS_RETURN_ERROR_IF( - name_len <= AWS_EVENT_STREAM_HEADER_NAME_LEN_MAX, AWS_ERROR_EVENT_STREAM_MESSAGE_INVALID_HEADERS_LEN); - AWS_RETURN_ERROR_IF( value_len <= AWS_EVENT_STREAM_HEADER_VALUE_LEN_MAX, AWS_ERROR_EVENT_STREAM_MESSAGE_INVALID_HEADERS_LEN); struct aws_event_stream_header_value_pair header = { @@ -1238,6 +1233,9 @@ if (length_portion_read == sizeof(uint16_t)) { decoder->current_header.header_value_len = aws_read_u16(decoder->working_buffer); + AWS_RETURN_ERROR_IF( + decoder->current_header.header_value_len <= AWS_EVENT_STREAM_HEADER_VALUE_LEN_MAX, + AWS_ERROR_EVENT_STREAM_MESSAGE_INVALID_HEADERS_LEN); decoder->current_header_value_offset = decoder->message_pos; decoder->state = s_read_header_value; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-event-stream-0.5.9/tests/CMakeLists.txt new/aws-c-event-stream-0.6.0/tests/CMakeLists.txt --- old/aws-c-event-stream-0.5.9/tests/CMakeLists.txt 2025-12-11 18:20:00.000000000 +0100 +++ new/aws-c-event-stream-0.6.0/tests/CMakeLists.txt 2026-03-05 00:20:57.000000000 +0100 @@ -24,6 +24,7 @@ add_test_case(test_streaming_decoder_incoming_application_variable_headers_with_empty_length_pair_valid) add_test_case(test_streaming_decoder_incoming_application_one_bool_header_pair_valid) add_test_case(test_streaming_decoder_incoming_multiple_messages) +add_test_case(test_streaming_decoder_incoming_application_large_size_header_name_valid) add_test_case(test_channel_handler_single_valid_messages_parse) add_test_case(test_channel_handler_multiple_valid_messages_parse) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-event-stream-0.5.9/tests/message_streaming_decoder_test.c new/aws-c-event-stream-0.6.0/tests/message_streaming_decoder_test.c --- old/aws-c-event-stream-0.5.9/tests/message_streaming_decoder_test.c 2025-12-11 18:20:00.000000000 +0100 +++ new/aws-c-event-stream-0.6.0/tests/message_streaming_decoder_test.c 2026-03-05 00:20:57.000000000 +0100 @@ -3,6 +3,7 @@ * SPDX-License-Identifier: Apache-2.0. */ +#include <aws/checksums/crc.h> #include <aws/common/array_list.h> #include <aws/event-stream/event_stream.h> #include <aws/testing/aws_test_harness.h> @@ -704,3 +705,120 @@ } AWS_TEST_CASE(test_streaming_decoder_incoming_multiple_messages, s_test_streaming_decoder_incoming_multiple_messages_fn) + +static int s_test_streaming_decoder_incoming_application_large_size_header_name_valid_fn( + struct aws_allocator *allocator, + void *ctx) { + (void)ctx; + + /* This test replicates the --trigger case from POC which uses: + * - header name length: 255 + * - header name bytes: 255 (filled with 'A') + * - header type: 0x00 (bool true) + * This tests the decoder's handling of large header names (255 bytes) */ + + uint8_t name_len = 255; + size_t name_bytes = 255; + uint32_t headers_len = (uint32_t)(1 + name_bytes + 1); /* name_len byte + name + type byte */ + uint32_t total_len = (uint32_t)(AWS_EVENT_STREAM_PRELUDE_LENGTH + headers_len + AWS_EVENT_STREAM_TRAILER_LENGTH); + + /* Allocate buffer for the message */ + uint8_t *test_data = aws_mem_acquire(allocator, total_len); + memset(test_data, 0, total_len); + + /* Write prelude: total_len (4 bytes) */ + test_data[0] = (total_len >> 24) & 0xFF; + test_data[1] = (total_len >> 16) & 0xFF; + test_data[2] = (total_len >> 8) & 0xFF; + test_data[3] = total_len & 0xFF; + + /* Write prelude: headers_len (4 bytes) */ + test_data[4] = (headers_len >> 24) & 0xFF; + test_data[5] = (headers_len >> 16) & 0xFF; + test_data[6] = (headers_len >> 8) & 0xFF; + test_data[7] = headers_len & 0xFF; + + /* Calculate and write prelude CRC */ + uint32_t prelude_crc = aws_checksums_crc32(test_data, 8, 0); + test_data[8] = (prelude_crc >> 24) & 0xFF; + test_data[9] = (prelude_crc >> 16) & 0xFF; + test_data[10] = (prelude_crc >> 8) & 0xFF; + test_data[11] = prelude_crc & 0xFF; + + /* Write header: name_len */ + test_data[12] = name_len; + + /* Write header: name (filled with 'A') */ + memset(test_data + 13, 'A', name_bytes); + + /* Write header: type (0x07 = string, but we'll use 0x00 = bool true for simplicity) */ + test_data[13 + name_bytes] = 0x00; + + /* Calculate and write message CRC */ + uint32_t message_crc = aws_checksums_crc32(test_data, total_len - 4, 0); + size_t crc_offset = total_len - 4; + test_data[crc_offset] = (message_crc >> 24) & 0xFF; + test_data[crc_offset + 1] = (message_crc >> 16) & 0xFF; + test_data[crc_offset + 2] = (message_crc >> 8) & 0xFF; + test_data[crc_offset + 3] = message_crc & 0xFF; + + struct test_decoder_data decoder_data = { + .latest_payload = 0, + .written = 0, + .alloc = allocator, + .latest_error = 0, + }; + aws_event_stream_headers_list_init(&decoder_data.headers_list, allocator); + + struct aws_event_stream_streaming_decoder_options decoder_options = { + .on_payload_segment = s_decoder_test_on_payload_segment, + .on_prelude = s_decoder_test_on_prelude_received, + .on_header = s_decoder_test_header_received, + .on_complete = s_decoder_test_on_complete, + .on_error = s_decoder_test_on_error, + .user_data = &decoder_data}; + + struct aws_event_stream_streaming_decoder decoder; + aws_event_stream_streaming_decoder_init_from_options(&decoder, allocator, &decoder_options); + + struct aws_byte_buf test_buf = aws_byte_buf_from_array(test_data, total_len); + + ASSERT_SUCCESS( + aws_event_stream_streaming_decoder_pump(&decoder, &test_buf), "Message validation should have succeeded"); + ASSERT_SUCCESS(decoder_data.latest_error, "No Error callback shouldn't have been called"); + + ASSERT_INT_EQUALS(total_len, decoder_data.latest_prelude.total_len, "Message length mismatch"); + ASSERT_INT_EQUALS(headers_len, decoder_data.latest_prelude.headers_len, "Headers length mismatch"); + ASSERT_INT_EQUALS(prelude_crc, decoder_data.latest_prelude.prelude_crc, "Prelude CRC mismatch"); + + /* Verify header was parsed correctly */ + ASSERT_TRUE(aws_array_list_length(&decoder_data.headers_list) > 0, "Should have at least one header"); + struct aws_event_stream_header_value_pair latest_header; + aws_array_list_get_at(&decoder_data.headers_list, &latest_header, 0); + ASSERT_INT_EQUALS(name_len, latest_header.header_name_len, "Header name length should be 255"); + + /* Verify all header name bytes are 'A' */ + for (size_t i = 0; i < name_len; i++) { + ASSERT_INT_EQUALS('A', latest_header.header_name[i], "Header name byte should be 'A'"); + } + + /* Verify header value is bool true */ + int8_t header_value = aws_event_stream_header_value_as_bool(&latest_header); + ASSERT_INT_EQUALS(1, header_value, "Header value should be true"); + + ASSERT_UINT_EQUALS(message_crc, decoder_data.message_crc, "Message CRC mismatch"); + + if (decoder_data.latest_payload) { + aws_mem_release(allocator, decoder_data.latest_payload); + } + + aws_event_stream_streaming_decoder_clean_up(&decoder); + aws_event_stream_headers_list_cleanup(&decoder_data.headers_list); + aws_mem_release(allocator, test_data); + + return 0; +} + +AWS_TEST_CASE( + test_streaming_decoder_incoming_application_large_size_header_name_valid, + s_test_streaming_decoder_incoming_application_large_size_header_name_valid_fn)
