
I am making an app with protobuf-net, using it for sending/receiving data over the network.

I am curious whether/how someone can send something that will make this line throw an exception:

```
var message = Serializer.DeserializeWithLengthPrefix<ReceiveType>(
                                   memoryStream, PrefixStyle.Fixed32);
```

I am assuming that by this point we've checked that:

  • (Edit) Entire message has already been received and was placed into a MemoryStream, which will be used for deserializing the message (i.e. no risk of the stream cutting off).
  • The length prefix contains a number of reasonable size (i.e. won't run out of memory)
  • Message body is exactly as large as promised by the prefix.

So far I've tried various possibilities, and at worst the message fields come out to be null or other default values, even for the required fields and when the message body contains random gibberish.

ikh
  • By coincidence, I was messing around with protobuf-net last night for a couple hours, and I found that if you try to use `Serializer.DeserializeWithLengthPrefix()` on a stream that has been closed, the `Serializer.DeserializeWithLengthPrefix()` line will throw an error at runtime. – Brian Snow Jul 16 '12 at 01:18
  • Interesting, thanks! I forgot to mention though that before deserializing, I wait for the entire message to arrive (based on length prefix) and then deserialize from a `MemoryStream`, i.e. there is no risk of stream being closed. I'll edit the post to clarify. – ikh Jul 16 '12 at 01:33
  • @BrianSnow were you getting an exception or an error? Because attempts with Sockets to operate on a closed stream throw exceptions which you need to catch, I'd say Marc would follow those pretty closely. – Paul Farry Jul 16 '12 at 06:06
  • @PaulFarry It was an exception, which I did catch. I am a newbie, and I actually didn't know that exceptions and errors are two different things! – Brian Snow Jul 16 '12 at 15:33
  • Too late to edit my comment above, but just to be sure: if I was catching the error/exception with `catch (Exception e) {}`, am I correct in assuming that means it was indeed an exception? – Brian Snow Jul 16 '12 at 15:44
  • Indeed, if you were catching it (I'm guessing `IOException`), then yeah, you've got it. – Paul Farry Jul 16 '12 at 21:51

1 Answer

> and when the message body contains random gibberish

Not quite. Gibberish will generally make it throw the "invalid wire type" exception. You could also get errors about malformed varints, UTF8, and several other things. The message must be valid protobuf data. There are some things it won't detect, but in most cases it will shout at you for invalid data.

Obviously any code in `ReceiveType` that intentionally explodes (in, say, a property get) would cause it to fail - so the model / DTO must make sense too!

Marc Gravell
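The failure classes named in the answer, shown at the wire level in an added example that is not part of the original post and is not protobuf-net's code: a Python sketch that walks a Fixed32 length-prefixed frame (prefix assumed little-endian) and reports why a body is rejected. `WireError`, `read_varint`, `check_body`, `verdict` and `SAMPLE` are hypothetical names, and which fields are strings is an assumption the caller supplies.

```python
import struct

class WireError(ValueError): pass  # frame is not structurally valid wire data

def read_varint(buf, pos):
    result = 0
    for i in range(10):  # a 64-bit varint never needs more than 10 bytes
        if pos + i >= len(buf):
            raise WireError("truncated varint")
        byte = buf[pos + i]
        result |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return result, pos + i + 1
    raise WireError("malformed varint")

def check_body(buf, string_fields=frozenset()):
    # Walk each field key and skip its payload; returns [(field, wire_type)].
    pos, seen = 0, []
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        field, wire_type = key >> 3, key & 7
        if wire_type == 0:
            _, pos = read_varint(buf, pos)
        elif wire_type in (1, 5):
            pos += 8 if wire_type == 1 else 4
        elif wire_type == 2:
            size, pos = read_varint(buf, pos)
            if field in string_fields:  # assumption: caller names the string fields
                buf[pos:pos + size].decode("utf-8")  # raises UnicodeDecodeError
            pos += size
        else:  # 6 and 7 are undefined; this sketch also rejects groups (3, 4)
            raise WireError(f"invalid wire type {wire_type}")
        if field == 0 or pos > len(buf):
            raise WireError("field number 0 or payload overruns body")
        seen.append((field, wire_type))
    return seen

def verdict(frame, string_fields=frozenset()):
    try:  # Fixed32 prefix is read as little-endian; result is "ok" or the reason
        if len(frame) < 4 or struct.unpack_from("<I", frame)[0] != len(frame) - 4:
            raise WireError("length prefix mismatch")
        check_body(frame[4:], string_fields)
        return "ok"
    except UnicodeDecodeError:
        return "invalid UTF-8"
    except WireError as exc:
        return str(exc)

# Constructed sample: field 1 = varint 150, field 2 = string "hi".
SAMPLE = struct.pack("<I", 7) + b"\x08\x96\x01\x12\x02hi"
```

A body that is structurally valid but semantically meaningless still returns "ok", which matches the answer's remark that some things go undetected; the receiving side should catch exceptions around the deserialize call and validate field values after it.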