pub trait Decodable: Sized {
// Provided methods
fn consensus_decode_from_finite_reader<R>(
reader: &mut R
) -> Result<Self, Error>
where R: Read + ?Sized { ... }
fn consensus_decode<R>(reader: &mut R) -> Result<Self, Error>
where R: Read + ?Sized { ... }
}
Expand description
Data which can be encoded in a consensus-consistent way.
Provided Methods§
fn consensus_decode_from_finite_reader<R>(reader: &mut R) -> Result<Self, Error>
fn consensus_decode_from_finite_reader<R>(reader: &mut R) -> Result<Self, Error>
Decode Self
from a size-limited reader.
Like consensus_decode
but relies on the reader being limited in the amount of data it
returns, e.g. by being wrapped in std::io::Take
.
Failing to abide to this requirement might lead to memory exhaustion caused by malicious inputs.
Users should default to consensus_decode
, but when data to be decoded is already in a byte
vector of a limited size, calling this function directly might be marginally faster (due to
avoiding extra checks).
§Rules for trait implementations
- Simple types that that have a fixed size (own and member fields), don’t have to overwrite this method, or be concern with it.
- Types that deserialize using externally provided length should implement it:
- Make
consensus_decode
forward toconsensus_decode_bytes_from_finite_reader
with the reader wrapped byTake
. Failure to do so, without other forms of memory exhaustion protection might lead to resource exhaustion vulnerability. - Put a max cap on things like
Vec::with_capacity
to avoid oversized allocations, and rely on the reader running out of data, and collections reallocating on a legitimately oversized input data, instead of trying to enforce arbitrary length limits.
- Make
- Types that contain other types that implement custom
consensus_decode_from_finite_reader
, should also implement it applying same rules, and in addition make sure to callconsensus_decode_from_finite_reader
on all members, to avoid creating redundantTake
wrappers. Failure to do so might result only in a tiny performance hit.
fn consensus_decode<R>(reader: &mut R) -> Result<Self, Error>
fn consensus_decode<R>(reader: &mut R) -> Result<Self, Error>
Decode an object with a well-defined format.
This is the method that should be implemented for a typical, fixed sized type
implementing this trait. Default implementation is wrapping the reader
in crate::io::Take
to limit the input size to MAX_VEC_SIZE
, and forwards the call to
Self::consensus_decode_from_finite_reader
, which is convenient
for types that override Self::consensus_decode_from_finite_reader
instead.