[Cbor] List of not-well-formed CBOR and test vectors

Laurence Lundblade <lgl@island-resort.com> Mon, 29 July 2019 18:49 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id D606112001A for <cbor@ietfa.amsl.com>; Mon, 29 Jul 2019 11:49:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 6YmzTUs5_u45 for <cbor@ietfa.amsl.com>; Mon, 29 Jul 2019 11:49:19 -0700 (PDT)
Received: from p3plsmtpa08-02.prod.phx3.secureserver.net (p3plsmtpa08-02.prod.phx3.secureserver.net []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9243F120019 for <cbor@ietf.org>; Mon, 29 Jul 2019 11:49:19 -0700 (PDT)
Received: from [] ([]) by :SMTPAUTH: with ESMTPSA id sAhyhxRCfs9XUsAhyhGruo; Mon, 29 Jul 2019 11:49:19 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C5F88E25-5DAB-408F-88B4-827818F368EF"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Message-Id: <CF3F871E-7489-4770-B2FE-1746C392ACF0@island-resort.com>
Date: Mon, 29 Jul 2019 11:49:18 -0700
To: cbor@ietf.org
X-Mailer: Apple Mail (2.3445.9.1)
X-CMAE-Envelope: MS4wfEKXvVCJiFlusYdHWwEYJ/BOPhBfMjMCGf11CasHPnFsCvQfv63Uq9xDawakTUoQwMmOujRAW1z1zfww+0ilKvKzmpEQUm3kaAo1JC32OaW3b9roPE1f 4VP2PNu8HvZB5qAppeUBG1SOnJJmWJix6tutqbV+V7GPhn7vUVszmsqH
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/NNsFRCxUWwEQ_1uCuexi7C-VSR0>
Subject: [Cbor] List of not-well-formed CBOR and test vectors
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2019 18:49:21 -0000

I think I’ve made a comprehensive list of all things that are not well formed by going through the latest draft and my decoder. There are about a dozen of them. I’ve also created 110 test vectors that cover them pretty thoroughly. 

Everything is here <https://github.com/laurencelundblade/QCBOR/blob/not_well_formed/test/not_well_formed_cbor.h> in a C header. The dozen types of non-well-formedness are listed as comments in the header file. The test vectors are in an array that can be used for testing. It is BSD-3 license.

I’ve turned up one bug in the RFC’s pseudo code. It doesn’t catch an indefinite length string as a segment in another indefinite length string. 

I’d like to get some review, some folks to try it out and such to see if I’ve missed anything and all is right. When that is done I’ll make a pull request for the draft out it. Probably in about two weeks.

So please look it over and try it against your implementation.