Skip to content

fix: guard encodeVarint against out-of-range and non-integer inputs#6

Open
iRonin wants to merge 1 commit into
standardagents:mainfrom
iRonin:fix/encode-varint-guard
Open

fix: guard encodeVarint against out-of-range and non-integer inputs#6
iRonin wants to merge 1 commit into
standardagents:mainfrom
iRonin:fix/encode-varint-guard

Conversation

@iRonin
Copy link
Copy Markdown

@iRonin iRonin commented May 23, 2026

Problem

encodeVarint() uses value >>> 0 to clamp input to 32-bit unsigned, silently truncating values ≥ 2³². If a protobuf tag ever exceeds this limit, the encoded message is corrupted without any error.

Currently all field numbers are < 256 so this is not exploitable today, but it is a correctness bug in the encoding layer.

Fix

Add explicit guards:

  • Throw for non-integer or negative inputs
  • Throw for values ≥ 2³²

This converts silent data corruption into a fail-loud error.

Files changed

  • worker/cursor.ts — validation guards in encodeVarint()
  • worker/cursor.test.ts — test verifying normal usage still works

fix: guard encodeVarint against out-of-range and non-integer inputs
b98631b 
encodeVarint silently truncated values >= 2^32 via '>>> 0', corrupting
protobuf encoding. Add explicit guards that throw for:
- Non-integer or negative values
- Values >= 2^32 (exceeds 32-bit unsigned limit)

This converts silent data corruption into a fail-loud error. Current
field numbers are all < 256 so no behavior change for existing code.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@iRonin