Defensive handling of reserved values in additional info (#249)

This restores the defensive handling of reserved values (28, 29, 30) in additional info in the CBOR head that was present in QCBOR 1.3. There are no problems or test failures in 1.4, but this fix should be picked up. The change is to put the QCBORItem initialization back in the right place. From analysis of the code, the only effect was when the header decode returned QCBOR_ERR_UNSUPPORTED, a recoverable error. It is assumed that no caller would examine the secondary fields of QCBORItem when this error occurs, so there's no issue. * Update version indicators to 1.4 * initialization fix --------- Co-authored-by: Laurence Lundblade <[email protected]>
laurencelundblade · Jul 29, 2024 · c737428 · c737428
1 parent 6837bbf
commit c737428
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/src/qcbor_decode.c b/src/qcbor_decode.c
@@ -1323,9 +1323,11 @@ QCBOR_Private_DecodeAtomicDataItem(QCBORDecodeContext  *pMe,
                                    QCBORItem           *pDecodedItem)
 {
    QCBORError uReturn;
-   int      nMajorType = 0;
-   uint64_t uArgument = 0;
-   int      nAdditionalInfo = 0;
+   int        nMajorType = 0;
+   uint64_t   uArgument = 0;
+   int        nAdditionalInfo = 0;
+
+   memset(pDecodedItem, 0, sizeof(QCBORItem));
 
    /* Decode the "head" that every CBOR item has into the major type,
     * argument and the additional info.
@@ -1335,8 +1337,6 @@ QCBOR_Private_DecodeAtomicDataItem(QCBORDecodeContext  *pMe,
       return uReturn;
    }
 
-   memset(pDecodedItem, 0, sizeof(QCBORItem));
-
    /* All the functions below get inlined by the optimizer. This code
     * is easier to read with them all being similar functions, even if
     * some functions don't do much.