Merge branch 'de-bound-checks' into 'master'

zv: Ensure padding bytes exist before indexing into them

Closes #59

See merge request zeenix/zbus!140

Author: zeenix

zvariant/src/de.rs

@@ -206,6 +206,13 @@ where
     fn parse_padding(&mut self, alignment: usize) -> Result<usize> {
         let padding = padding_for_n_bytes(self.abs_pos(), alignment);
         if padding > 0 {
+            if self.pos + padding > self.bytes.len() {
+                return Err(serde::de::Error::invalid_length(
+                    self.bytes.len(),
+                    &format!(">= {}", self.pos + padding).as_str(),
+                ));
+            }
+
             for i in 0..padding {
                 let byte = self.bytes[self.pos + i];
                 if byte != 0 {

zvariant/src/lib.rs

@@ -184,7 +184,7 @@ mod tests {
     use crate::{to_bytes, to_bytes_fds, to_bytes_for_signature};
 
     use crate::{Array, Dict, EncodingContext as Context};
-    use crate::{Basic, Type, Value};
+    use crate::{Basic, Result, Type, Value};
     use crate::{Fd, ObjectPath, Signature, Str, Structure};
 
     // Test through both generic and specific API (wrt byte order)
@@ -871,4 +871,13 @@ mod tests {
         let f: Foo = from_slice_fds(&encoded, None, ctxt).unwrap();
         assert_eq!(f, foo);
     }
+
+    #[test]
+    fn issue_59() {
+        // Ensure we don't panic on deserializing tuple of smaller than expected length.
+        let ctxt = Context::<LE>::new_dbus(0);
+        let (encoded, _) = to_bytes_fds(ctxt, &("hello",)).unwrap();
+        let result: Result<(&str, &str)> = from_slice(&encoded, ctxt);
+        assert!(result.is_err());
+    }
 }