Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix signed/unsigned bug in Value.fromCBOR #1011

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix signed/unsigned bug in Value.fromCBOR #1011

wants to merge 1 commit into from

Conversation

itsfarseen
Copy link

@itsfarseen itsfarseen commented Dec 6, 2023
edited

It looks like the author meant to do:

if(reader.peek() === UNSIGNED_INT) { reader.readUInt() }

instead of

if(reader.peek() === UNSIGNED_INT) { reader.readInt() }

@itsfarseen
Fix signed/unsigned bug in Value.fromCBOR
f6a982b 
It looks like the author mean to do:
  if(parser.peek() == UNSIGNED_INT) { parser.readUInt() }
instead of
  if(parser.peek() == UNSIGNED_INT) { parser.readInt() }
@itsfarseen
Copy link
Author

Not sure if the same bug is present in the following lines as well. Coins and quantity can't be negative right?

cardano-js-sdk/packages/core/src/Serialization/TransactionBody/Value.ts

Line 96 in f6a982b

const coins = reader.readInt();

cardano-js-sdk/packages/core/src/Serialization/TransactionBody/Value.ts

Line 108 in f6a982b

const quantity = reader.readInt();

@AngelCastilloB
Copy link
Member

Hi @itsfarseen thanks for the feedback, in our typescript CBOR implementation both readInt and readUInt map to a bigint (because we dont have signed types in javascript and bigint is large enough in both directions), and particularly readInt is 'smart' enough to figure out if the number is negative or positive and do the right thing when deserializing, so this wont cause any issues here.

That being said, the readUInt version will throw if it finds a signed number which is probably semantically more correct, so I am happy to accept the change, but please fix the commit message to use conventional commits, I.E:

fix(core): deserialization of Value now checks that both coin and multiasset amount are unsigned

Not sure if the same bug is present in the following lines as well. Coins and quantity can't be negative right?

Correct, you can apply the same change here.

mkazlauskas
mkazlauskas requested changes Dec 8, 2023
View reviewed changes
Copy link
Member

@mkazlauskas mkazlauskas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for contribution! A fix should come with a test (or some change in an existing test)

@rhyslbw
Copy link
Member

rhyslbw commented Jan 5, 2024

@itsfarseen thanks for the PR but we're unable to merge given it's incomplete. Will you be able to address @mkazlauskas feedback?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkazlauskas mkazlauskas mkazlauskas requested changes

@AngelCastilloB AngelCastilloB Awaiting requested review from AngelCastilloB

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@itsfarseen @AngelCastilloB @rhyslbw @mkazlauskas