Use longer column width
Reduce the number of lines of code by using a longer column width, 100 as is more-or-less standard in this repo. This patch only changes column width (line length), no other changes.
This commit is contained in:
Tobin C. Harding
parent
31740710ee
commit
bbd39e5ecc
|
|
@ -297,43 +297,37 @@ pub trait Encodable {
|
||||||
pub trait Decodable: Sized {
|
pub trait Decodable: Sized {
|
||||||
/// Decode `Self` from a size-limited reader.
|
/// Decode `Self` from a size-limited reader.
|
||||||
///
|
///
|
||||||
/// Like `consensus_decode` but relies on the reader being
|
/// Like `consensus_decode` but relies on the reader being limited in the amount of data it
|
||||||
/// limited in the amount of data it returns, e.g. by
|
/// returns, e.g. by being wrapped in [`std::io::Take`].
|
||||||
/// being wrapped in [`std::io::Take`].
|
|
||||||
///
|
///
|
||||||
/// Failling to obide to this requirement might lead to
|
/// Failling to obide to this requirement might lead to memory exhaustion caused by malicious
|
||||||
/// memory exhaustion caused by malicious inputs.
|
/// inputs.
|
||||||
///
|
///
|
||||||
/// Users should default to `consensus_decode`, but
|
/// Users should default to `consensus_decode`, but when data to be decoded is already in a byte
|
||||||
/// when data to be decoded is already in a byte vector
|
/// vector of a limited size, calling this function directly might be marginally faster (due to
|
||||||
/// of a limited size, calling this function directly
|
/// avoiding extra checks).
|
||||||
/// might be marginally faster (due to avoiding
|
|
||||||
/// extra checks).
|
|
||||||
///
|
///
|
||||||
/// ### Rules for trait implementations
|
/// ### Rules for trait implementations
|
||||||
///
|
///
|
||||||
/// * Simple types that that have a fixed size (own and member fields),
|
/// * Simple types that that have a fixed size (own and member fields), don't have to overwrite
|
||||||
/// don't have to overwrite this method, or be concern with it.
|
/// this method, or be concern with it.
|
||||||
/// * Types that deserialize using externally provided length
|
/// * Types that deserialize using externally provided length should implement it:
|
||||||
/// should implement it:
|
/// * Make `consensus_decode` forward to `consensus_decode_bytes_from_finite_reader` with the
|
||||||
/// * Make `consensus_decode` forward to `consensus_decode_bytes_from_finite_reader`
|
/// reader wrapped by `Take`. Failure to do so, without other forms of memory exhaustion
|
||||||
/// with the reader wrapped by `Take`. Failure to do so, without other
|
/// protection might lead to resource exhaustion vulnerability.
|
||||||
/// forms of memory exhaustion protection might lead to resource exhaustion
|
/// * Put a max cap on things like `Vec::with_capacity` to avoid oversized allocations, and
|
||||||
/// vulnerability.
|
/// rely on the reader running out of data, and collections reallocating on a legitimately
|
||||||
/// * Put a max cap on things like `Vec::with_capacity` to avoid oversized
|
/// oversized input data, instead of trying to enforce arbitrary length limits.
|
||||||
/// allocations, and rely on the reader running out of data, and collections
|
/// * Types that contain other types that implement custom
|
||||||
/// reallocating on a legitimately oversized input data, instead of trying
|
/// `consensus_decode_from_finite_reader`, should also implement it applying same rules, and
|
||||||
/// to enforce arbitrary length limits.
|
/// in addition make sure to call `consensus_decode_from_finite_reader` on all members, to
|
||||||
/// * Types that contain other types that implement custom `consensus_decode_from_finite_reader`,
|
/// avoid creating redundant `Take` wrappers. Failure to do so might result only in a tiny
|
||||||
/// should also implement it applying same rules, and in addition make sure to call
|
/// performance hit.
|
||||||
/// `consensus_decode_from_finite_reader` on all members, to avoid creating redundant
|
|
||||||
/// `Take` wrappers. Failure to do so might result only in a tiny performance hit.
|
|
||||||
#[inline]
|
#[inline]
|
||||||
fn consensus_decode_from_finite_reader<R: io::Read + ?Sized>(reader: &mut R) -> Result<Self, Error> {
|
fn consensus_decode_from_finite_reader<R: io::Read + ?Sized>(reader: &mut R) -> Result<Self, Error> {
|
||||||
// This method is always strictly less general than, `consensus_decode`,
|
// This method is always strictly less general than, `consensus_decode`, so it's safe and
|
||||||
// so it's safe and make sense to default to just calling it.
|
// make sense to default to just calling it. This way most types, that don't care about
|
||||||
// This way most types, that don't care about protecting against
|
// protecting against resource exhaustion due to malicious input, can just ignore it.
|
||||||
// resource exhaustion due to malicious input, can just ignore it.
|
|
||||||
Self::consensus_decode(reader)
|
Self::consensus_decode(reader)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue