Merge pull request #1239 from lelloman/fix-base62-16-id-decoding-overflow

Fix SpotifyId base 62 and 16 str decoding
This commit is contained in:
Roderick van Domburg 2024-05-26 22:09:46 +02:00 committed by GitHub
commit 7d45a94291
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -98,6 +98,9 @@ impl SpotifyId {
/// ///
/// [Spotify ID]: https://developer.spotify.com/documentation/web-api/concepts/spotify-uris-ids /// [Spotify ID]: https://developer.spotify.com/documentation/web-api/concepts/spotify-uris-ids
pub fn from_base16(src: &str) -> SpotifyIdResult { pub fn from_base16(src: &str) -> SpotifyIdResult {
if src.len() != 32 {
return Err(SpotifyIdError::InvalidId.into());
}
let mut dst: u128 = 0; let mut dst: u128 = 0;
for c in src.as_bytes() { for c in src.as_bytes() {
@ -123,6 +126,9 @@ impl SpotifyId {
/// ///
/// [Spotify ID]: https://developer.spotify.com/documentation/web-api/concepts/spotify-uris-ids /// [Spotify ID]: https://developer.spotify.com/documentation/web-api/concepts/spotify-uris-ids
pub fn from_base62(src: &str) -> SpotifyIdResult { pub fn from_base62(src: &str) -> SpotifyIdResult {
if src.len() != 22 {
return Err(SpotifyIdError::InvalidId.into());
}
let mut dst: u128 = 0; let mut dst: u128 = 0;
for c in src.as_bytes() { for c in src.as_bytes() {
@ -133,8 +139,8 @@ impl SpotifyId {
_ => return Err(SpotifyIdError::InvalidId.into()), _ => return Err(SpotifyIdError::InvalidId.into()),
} as u128; } as u128;
dst *= 62; dst = dst.checked_mul(62).ok_or(SpotifyIdError::InvalidId)?;
dst += p; dst = dst.checked_add(p).ok_or(SpotifyIdError::InvalidId)?;
} }
Ok(Self { Ok(Self {
@ -606,7 +612,7 @@ mod tests {
}, },
]; ];
static CONV_INVALID: [ConversionCase; 3] = [ static CONV_INVALID: [ConversionCase; 5] = [
ConversionCase { ConversionCase {
id: 0, id: 0,
kind: SpotifyItemType::Unknown, kind: SpotifyItemType::Unknown,
@ -631,13 +637,40 @@ mod tests {
154, 27, 28, 251, 154, 27, 28, 251,
], ],
}, },
ConversionCase {
id: 0,
kind: SpotifyItemType::Unknown,
// Uri too short
uri: "spotify:azb:aRS48xBl0tH",
// too long, should return error but not panic overflow
base16: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
// too long, should return error but not panic overflow
base62: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
raw: &[
// Invalid length.
154, 27, 28, 251,
],
},
ConversionCase { ConversionCase {
id: 0, id: 0,
kind: SpotifyItemType::Unknown, kind: SpotifyItemType::Unknown,
// Uri too short // Uri too short
uri: "spotify:azb:aRS48xBl0tH", uri: "spotify:azb:aRS48xBl0tH",
base16: "--------------------", base16: "--------------------",
base62: "....................", // too short to encode a 128 bits int
base62: "aa",
raw: &[
// Invalid length.
154, 27, 28, 251,
],
},
ConversionCase {
id: 0,
kind: SpotifyItemType::Unknown,
uri: "cleary invalid uri",
base16: "--------------------",
// too high of a value, this would need a 132 bits int
base62: "ZZZZZZZZZZZZZZZZZZZZZZ",
raw: &[ raw: &[
// Invalid length. // Invalid length.
154, 27, 28, 251, 154, 27, 28, 251,