Fix panic on non UTF-8 string (#59)

MarshalX · web-flow · commit 0da9f9b4b979 · 2025-06-20T19:47:45.000+02:00
diff --git a/pytests/test_dag_cbor.py b/pytests/test_dag_cbor.py
@@ -137,6 +137,15 @@ def test_recursion_limit_exceed_on_nested_maps() -> None:
     assert 'in DAG-CBOR decoding' in str(exc_info.value)
 
 
+
+def test_dag_cbor_decode_invalid_utf8() -> None:
+    with pytest.raises(ValueError) as exc_info:
+        libipld.decode_dag_cbor(bytes.fromhex('62c328'))
+
+
+    assert 'Invalid UTF-8 string' in str(exc_info.value)
+
+
 def test_dab_cbor_decode_map_int_key() -> None:
     dag_cbor = bytes.fromhex('a10000')
     with pytest.raises(ValueError) as exc_info:
@@ -151,3 +160,4 @@ def test_dab_cbor_encode_map_int_key() -> None:
         libipld.encode_dag_cbor(obj)
 
     assert 'Map keys must be strings' in str(exc_info.value)
+
diff --git a/src/lib.rs b/src/lib.rs
@@ -102,11 +102,13 @@ fn get_bytes_from_py_any<'py>(obj: &'py Bound<'py, PyAny>) -> PyResult<&'py [u8]
     }
 }
 
-fn string_new_bound<'py>(py: Python<'py>, s: &[u8]) -> Bound<'py, PyString> {
+fn string_new_bound<'py>(py: Python<'py>, s: &[u8]) -> Result<Bound<'py, PyString>> {
+    std::str::from_utf8(s).map_err(|e| anyhow!("Invalid UTF-8 string: {}", e))?;
+
     let ptr = s.as_ptr() as *const c_char;
     let len = s.len() as ffi::Py_ssize_t;
     unsafe {
-        Bound::from_owned_ptr(py, ffi::PyUnicode_FromStringAndSize(ptr, len)).downcast_into_unchecked()
+        Ok(Bound::from_owned_ptr(py, ffi::PyUnicode_FromStringAndSize(ptr, len)).downcast_into_unchecked())
     }
 }
 
@@ -135,7 +137,7 @@ fn decode_dag_cbor_to_pyobject<R: Read + Seek>(
         }
         MajorKind::TextString => {
             let len = decode::read_uint(r, major)?;
-            string_new_bound(py, &decode::read_bytes(r, len)?).into_pyobject(py)?.into()
+            string_new_bound(py, &decode::read_bytes(r, len)?)?.into_pyobject(py)?.into()
         }
         MajorKind::Array => {
             let len: ffi::Py_ssize_t = decode_len(decode::read_uint(r, major)?)?.try_into()?;
@@ -173,7 +175,7 @@ fn decode_dag_cbor_to_pyobject<R: Read + Seek>(
                     }
                 }
 
-                let key_py = string_new_bound(py, key.as_slice()).into_pyobject(py)?;
+                let key_py = string_new_bound(py, key.as_slice())?.into_pyobject(py)?;
                 prev_key = Some(key);
 
                 let value_py = decode_dag_cbor_to_pyobject(py, r, depth + 1)?;

Original file line number	Diff line number	Diff line change
`@@ -102,11 +102,13 @@ fn get_bytes_from_py_any<'py>(obj: &'py Bound<'py, PyAny>) -> PyResult<&'py [u8]`
`102`	`102`	`}`
`103`	`103`	`}`
`104`	`104`
`105`		`-fn string_new_bound<'py>(py: Python<'py>, s: &[u8]) -> Bound<'py, PyString> {`
	`105`	`+fn string_new_bound<'py>(py: Python<'py>, s: &[u8]) -> Result<Bound<'py, PyString>> {`
	`106`	`+ std::str::from_utf8(s).map_err(\|e\| anyhow!("Invalid UTF-8 string: {}", e))?;`
	`107`	`+`
`106`	`108`	`let ptr = s.as_ptr() as *const c_char;`
`107`	`109`	`let len = s.len() as ffi::Py_ssize_t;`
`108`	`110`	`unsafe {`
`109`		`- Bound::from_owned_ptr(py, ffi::PyUnicode_FromStringAndSize(ptr, len)).downcast_into_unchecked()`
	`111`	`+ Ok(Bound::from_owned_ptr(py, ffi::PyUnicode_FromStringAndSize(ptr, len)).downcast_into_unchecked())`
`110`	`112`	`}`
`111`	`113`	`}`
`112`	`114`
`@@ -135,7 +137,7 @@ fn decode_dag_cbor_to_pyobject<R: Read + Seek>(`
`135`	`137`	`}`
`136`	`138`	`MajorKind::TextString => {`
`137`	`139`	`let len = decode::read_uint(r, major)?;`
`138`		`- string_new_bound(py, &decode::read_bytes(r, len)?).into_pyobject(py)?.into()`
	`140`	`+ string_new_bound(py, &decode::read_bytes(r, len)?)?.into_pyobject(py)?.into()`
`139`	`141`	`}`
`140`	`142`	`MajorKind::Array => {`
`141`	`143`	`let len: ffi::Py_ssize_t = decode_len(decode::read_uint(r, major)?)?.try_into()?;`
`@@ -173,7 +175,7 @@ fn decode_dag_cbor_to_pyobject<R: Read + Seek>(`
`173`	`175`	`}`
`174`	`176`	`}`
`175`	`177`
`176`		`- let key_py = string_new_bound(py, key.as_slice()).into_pyobject(py)?;`
	`178`	`+ let key_py = string_new_bound(py, key.as_slice())?.into_pyobject(py)?;`
`177`	`179`	`prev_key = Some(key);`
`178`	`180`
`179`	`181`	`let value_py = decode_dag_cbor_to_pyobject(py, r, depth + 1)?;`