address code review feedback: count the arrays themselves

adamsitnik · adamsitnik · commit 8a61178089d9 · 2024-09-13T13:17:30.000+02:00
diff --git a/src/libraries/System.Formats.Nrbf/src/System/Formats/Nrbf/ArrayRecord.cs b/src/libraries/System.Formats.Nrbf/src/System/Formats/Nrbf/ArrayRecord.cs
@@ -50,7 +50,7 @@ private protected ArrayRecord(ArrayInfo arrayInfo)
 
     internal long ValuesToRead { get; private protected set; }
 
-    private protected ArrayInfo ArrayInfo { get; }
+    internal ArrayInfo ArrayInfo { get; }
 
     internal bool IsJagged
         => ArrayInfo.ArrayType == BinaryArrayType.Jagged
diff --git a/src/libraries/System.Formats.Nrbf/src/System/Formats/Nrbf/BinaryArrayRecord.cs b/src/libraries/System.Formats.Nrbf/src/System/Formats/Nrbf/BinaryArrayRecord.cs
@@ -191,51 +191,42 @@ private static long GetJaggedArrayFlattenedLength(BinaryArrayRecord jaggedArrayR
 
             Debug.Assert(jaggedArrayRecord.IsJagged);
 
+            // In theory somebody could create a payload that would represent
+            // a very nested array with total elements count > long.MaxValue.
+            // That is why this method is using checked arithmetic.
+            result = checked(result + jaggedArrayRecord.Length); // count the arrays themselves
+
             foreach (object value in jaggedArrayRecord.Values)
             {
-                object item = value is MemberReferenceRecord referenceRecord
-                    ? referenceRecord.GetReferencedRecord()
-                    : value;
-
-                if (item is not SerializationRecord record)
+                if (value is not SerializationRecord record)
                 {
-                    result++;
                     continue;
                 }
 
+                if (record.RecordType == SerializationRecordType.MemberReference)
+                {
+                    record = ((MemberReferenceRecord)record).GetReferencedRecord();
+                }
+
                 switch (record.RecordType)
                 {
-                    case SerializationRecordType.BinaryArray:
                     case SerializationRecordType.ArraySinglePrimitive:
                     case SerializationRecordType.ArraySingleObject:
                     case SerializationRecordType.ArraySingleString:
+                    case SerializationRecordType.BinaryArray:
                         ArrayRecord nestedArrayRecord = (ArrayRecord)record;
                         if (nestedArrayRecord.IsJagged)
                         {
                             (jaggedArrayRecords ??= new()).Enqueue((BinaryArrayRecord)nestedArrayRecord);
                         }
                         else
                         {
-                            Debug.Assert(nestedArrayRecord is not BinaryArrayRecord, "Ensure lack of recursive call");
-                            checked
-                            {
-                                // In theory somebody could create a payload that would represent
-                                // a very nested array with total elements count > long.MaxValue.
-                                result += nestedArrayRecord.FlattenedLength;
-                            }
-                        }
-                        break;
-                    case SerializationRecordType.ObjectNull:
-                    case SerializationRecordType.ObjectNullMultiple256:
-                    case SerializationRecordType.ObjectNullMultiple:
-                        // All nulls need to be included, as it's another form of possible attack.
-                        checked
-                        {
-                            result += ((NullsRecord)item).NullCount;
+                            // Don't call nestedArrayRecord.FlattenedLength to avoid any potential recursion,
+                            // just call nestedArrayRecord.ArrayInfo.FlattenedLength that returns pre-computed value.
+                            result = checked(result + nestedArrayRecord.ArrayInfo.FlattenedLength);
                         }
                         break;
                     default:
-                        result++;
                         break;
                 }
             }
diff --git a/src/libraries/System.Formats.Nrbf/tests/JaggedArraysTests.cs b/src/libraries/System.Formats.Nrbf/tests/JaggedArraysTests.cs
@@ -7,20 +7,25 @@ namespace System.Formats.Nrbf.Tests;
 
 public class JaggedArraysTests : ReadTests
 {
-    [Fact]
-    public void CanReadJaggedArraysOfPrimitiveTypes_2D()
+    [Theory]
+    [InlineData(true)]
+    [InlineData(false)]
+    public void CanReadJaggedArraysOfPrimitiveTypes_2D(bool useReferences)
     {
         int[][] input = new int[7][];
+        int[] same = [1, 2, 3];
         for (int i = 0; i < input.Length; i++)
         {
-            input[i] = [i, i, i];
+            input[i] = useReferences
+                ? same // reuse the same object (represented as a single record that is referenced multiple times)
+                : [i, i, i]; // create new array
         }
 
         var arrayRecord = (ArrayRecord)NrbfDecoder.Decode(Serialize(input));
 
         Verify(input, arrayRecord);
         Assert.Equal(input, arrayRecord.GetArray(input.GetType()));
-        Assert.Equal(input.Length * 3, arrayRecord.FlattenedLength);
+        Assert.Equal(input.Length + input.Length * 3, arrayRecord.FlattenedLength);
     }
 
     [Theory]
@@ -42,13 +47,17 @@ public void FlattenedLengthIncludesNullArrays(int nullCount)
     public void ItIsPossibleToHaveBinaryArrayRecordsHaveAnElementTypeOfArrayWithoutBeingMarkedAsJagged()
     {
         int[][][] input = new int[3][][];
+        long totalElementsCount = 0;
         for (int i = 0; i < input.Length; i++)
         {
             input[i] = new int[4][];
+            totalElementsCount++; // count the arrays themselves
 
             for (int j = 0; j < input[i].Length; j++)
             {
                 input[i][j] = [i, j, 0, 1, 2];
+                totalElementsCount += input[i][j].Length;
+                totalElementsCount++; // count the arrays themselves
             }
         }
 
@@ -67,25 +76,31 @@ public void ItIsPossibleToHaveBinaryArrayRecordsHaveAnElementTypeOfArrayWithoutB
 
         Verify(input, arrayRecord);
         Assert.Equal(input, arrayRecord.GetArray(input.GetType()));
-        Assert.Equal(3 * 4 * 5, arrayRecord.FlattenedLength);
+        Assert.Equal(3 + 3 * 4 + 3 * 4 * 5, totalElementsCount);
+        Assert.Equal(totalElementsCount, arrayRecord.FlattenedLength);
     }
 
     [Fact]
     public void CanReadJaggedArraysOfPrimitiveTypes_3D()
     {
         int[][][] input = new int[7][][];
+        long totalElementsCount = 0;
         for (int i = 0; i < input.Length; i++)
         {
+            totalElementsCount++; // count the arrays themselves
             input[i] = new int[1][];
+            totalElementsCount++; // count the arrays themselves
             input[i][0] = [i, i, i];
+            totalElementsCount += input[i][0].Length;
         }
 
         var arrayRecord = (ArrayRecord)NrbfDecoder.Decode(Serialize(input));
 
         Verify(input, arrayRecord);
         Assert.Equal(input, arrayRecord.GetArray(input.GetType()));
         Assert.Equal(1, arrayRecord.Rank);
-        Assert.Equal(input.Length * 1 * 3, arrayRecord.FlattenedLength);
+        Assert.Equal(7 + 7 * 1 + 7 * 1 * 3, totalElementsCount);
+        Assert.Equal(totalElementsCount, arrayRecord.FlattenedLength);
     }
 
     [Fact]
@@ -110,7 +125,7 @@ public void CanReadJaggedArrayOfRectangularArrays()
         Verify(input, arrayRecord);
         Assert.Equal(input, arrayRecord.GetArray(input.GetType()));
         Assert.Equal(1, arrayRecord.Rank);
-        Assert.Equal(input.Length * 3 * 3, arrayRecord.FlattenedLength);
+        Assert.Equal(input.Length + input.Length * 3 * 3, arrayRecord.FlattenedLength);
     }
 
     [Fact]
@@ -126,7 +141,7 @@ public void CanReadJaggedArraysOfStrings()
 
         Verify(input, arrayRecord);
         Assert.Equal(input, arrayRecord.GetArray(input.GetType()));
-        Assert.Equal(input.Length * 3, arrayRecord.FlattenedLength);
+        Assert.Equal(input.Length + input.Length * 3, arrayRecord.FlattenedLength);
     }
 
     [Fact]
@@ -142,7 +157,7 @@ public void CanReadJaggedArraysOfObjects()
 
         Verify(input, arrayRecord);
         Assert.Equal(input, arrayRecord.GetArray(input.GetType()));
-        Assert.Equal(input.Length * 3, arrayRecord.FlattenedLength);
+        Assert.Equal(input.Length + input.Length * 3, arrayRecord.FlattenedLength);
     }
 
     [Serializable]
@@ -160,6 +175,7 @@ public void CanReadJaggedArraysOfComplexTypes()
         {
             input[i] = Enumerable.Range(0, i + 1).Select(j => new ComplexType { SomeField = j }).ToArray();
             totalElementsCount += input[i].Length;
+            totalElementsCount++; // count the arrays themselves
         }
 
         var arrayRecord = (ArrayRecord)NrbfDecoder.Decode(Serialize(input));

Original file line number	Diff line number	Diff line change
`@@ -7,20 +7,25 @@ namespace System.Formats.Nrbf.Tests;`
`7`	`7`
`8`	`8`	`public class JaggedArraysTests : ReadTests`
`9`	`9`	`{`
`10`		`- [Fact]`
`11`		`- public void CanReadJaggedArraysOfPrimitiveTypes_2D()`
	`10`	`+ [Theory]`
	`11`	`+ [InlineData(true)]`
	`12`	`+ [InlineData(false)]`
	`13`	`+ public void CanReadJaggedArraysOfPrimitiveTypes_2D(bool useReferences)`
`12`	`14`	`{`
`13`	`15`	`int[][] input = new int[7][];`
	`16`	`+ int[] same = [1, 2, 3];`
`14`	`17`	`for (int i = 0; i < input.Length; i++)`
`15`	`18`	`{`
`16`		`- input[i] = [i, i, i];`
	`19`	`+ input[i] = useReferences`
	`20`	`+ ? same // reuse the same object (represented as a single record that is referenced multiple times)`
	`21`	`+ : [i, i, i]; // create new array`
`17`	`22`	`}`
`18`	`23`
`19`	`24`	`var arrayRecord = (ArrayRecord)NrbfDecoder.Decode(Serialize(input));`
`20`	`25`
`21`	`26`	`Verify(input, arrayRecord);`
`22`	`27`	`Assert.Equal(input, arrayRecord.GetArray(input.GetType()));`
`23`		`- Assert.Equal(input.Length * 3, arrayRecord.FlattenedLength);`
	`28`	`+ Assert.Equal(input.Length + input.Length * 3, arrayRecord.FlattenedLength);`
`24`	`29`	`}`
`25`	`30`
`26`	`31`	`[Theory]`
`@@ -42,13 +47,17 @@ public void FlattenedLengthIncludesNullArrays(int nullCount)`
`42`	`47`	`public void ItIsPossibleToHaveBinaryArrayRecordsHaveAnElementTypeOfArrayWithoutBeingMarkedAsJagged()`
`43`	`48`	`{`
`44`	`49`	`int[][][] input = new int[3][][];`
	`50`	`+ long totalElementsCount = 0;`
`45`	`51`	`for (int i = 0; i < input.Length; i++)`
`46`	`52`	`{`
`47`	`53`	`input[i] = new int[4][];`
	`54`	`+ totalElementsCount++; // count the arrays themselves`
`48`	`55`
`49`	`56`	`for (int j = 0; j < input[i].Length; j++)`
`50`	`57`	`{`
`51`	`58`	`input[i][j] = [i, j, 0, 1, 2];`
	`59`	`+ totalElementsCount += input[i][j].Length;`
	`60`	`+ totalElementsCount++; // count the arrays themselves`
`52`	`61`	`}`
`53`	`62`	`}`
`54`	`63`
`@@ -67,25 +76,31 @@ public void ItIsPossibleToHaveBinaryArrayRecordsHaveAnElementTypeOfArrayWithoutB`
`67`	`76`
`68`	`77`	`Verify(input, arrayRecord);`
`69`	`78`	`Assert.Equal(input, arrayRecord.GetArray(input.GetType()));`
`70`		`- Assert.Equal(3 * 4 * 5, arrayRecord.FlattenedLength);`
	`79`	`+ Assert.Equal(3 + 3 * 4 + 3 * 4 * 5, totalElementsCount);`
	`80`	`+ Assert.Equal(totalElementsCount, arrayRecord.FlattenedLength);`
`71`	`81`	`}`
`72`	`82`
`73`	`83`	`[Fact]`
`74`	`84`	`public void CanReadJaggedArraysOfPrimitiveTypes_3D()`
`75`	`85`	`{`
`76`	`86`	`int[][][] input = new int[7][][];`
	`87`	`+ long totalElementsCount = 0;`
`77`	`88`	`for (int i = 0; i < input.Length; i++)`
`78`	`89`	`{`
	`90`	`+ totalElementsCount++; // count the arrays themselves`
`79`	`91`	`input[i] = new int[1][];`
	`92`	`+ totalElementsCount++; // count the arrays themselves`
`80`	`93`	`input[i][0] = [i, i, i];`
	`94`	`+ totalElementsCount += input[i][0].Length;`
`81`	`95`	`}`
`82`	`96`
`83`	`97`	`var arrayRecord = (ArrayRecord)NrbfDecoder.Decode(Serialize(input));`
`84`	`98`
`85`	`99`	`Verify(input, arrayRecord);`
`86`	`100`	`Assert.Equal(input, arrayRecord.GetArray(input.GetType()));`
`87`	`101`	`Assert.Equal(1, arrayRecord.Rank);`
`88`		`- Assert.Equal(input.Length * 1 * 3, arrayRecord.FlattenedLength);`
	`102`	`+ Assert.Equal(7 + 7 * 1 + 7 * 1 * 3, totalElementsCount);`
	`103`	`+ Assert.Equal(totalElementsCount, arrayRecord.FlattenedLength);`
`89`	`104`	`}`
`90`	`105`
`91`	`106`	`[Fact]`
`@@ -110,7 +125,7 @@ public void CanReadJaggedArrayOfRectangularArrays()`
`110`	`125`	`Verify(input, arrayRecord);`
`111`	`126`	`Assert.Equal(input, arrayRecord.GetArray(input.GetType()));`
`112`	`127`	`Assert.Equal(1, arrayRecord.Rank);`
`113`		`- Assert.Equal(input.Length * 3 * 3, arrayRecord.FlattenedLength);`
	`128`	`+ Assert.Equal(input.Length + input.Length * 3 * 3, arrayRecord.FlattenedLength);`
`114`	`129`	`}`
`115`	`130`
`116`	`131`	`[Fact]`
`@@ -126,7 +141,7 @@ public void CanReadJaggedArraysOfStrings()`
`126`	`141`
`127`	`142`	`Verify(input, arrayRecord);`
`128`	`143`	`Assert.Equal(input, arrayRecord.GetArray(input.GetType()));`
`129`		`- Assert.Equal(input.Length * 3, arrayRecord.FlattenedLength);`
	`144`	`+ Assert.Equal(input.Length + input.Length * 3, arrayRecord.FlattenedLength);`
`130`	`145`	`}`
`131`	`146`
`132`	`147`	`[Fact]`
`@@ -142,7 +157,7 @@ public void CanReadJaggedArraysOfObjects()`
`142`	`157`
`143`	`158`	`Verify(input, arrayRecord);`
`144`	`159`	`Assert.Equal(input, arrayRecord.GetArray(input.GetType()));`
`145`		`- Assert.Equal(input.Length * 3, arrayRecord.FlattenedLength);`
	`160`	`+ Assert.Equal(input.Length + input.Length * 3, arrayRecord.FlattenedLength);`
`146`	`161`	`}`
`147`	`162`
`148`	`163`	`[Serializable]`
`@@ -160,6 +175,7 @@ public void CanReadJaggedArraysOfComplexTypes()`
`160`	`175`	`{`
`161`	`176`	`input[i] = Enumerable.Range(0, i + 1).Select(j => new ComplexType { SomeField = j }).ToArray();`
`162`	`177`	`totalElementsCount += input[i].Length;`
	`178`	`+ totalElementsCount++; // count the arrays themselves`
`163`	`179`	`}`
`164`	`180`
`165`	`181`	`var arrayRecord = (ArrayRecord)NrbfDecoder.Decode(Serialize(input));`