Re: [Cbor] List of not-well-formed CBOR and test vectors

Thiago Macieira <> Mon, 29 July 2019 19:24 UTC

From: Thiago Macieira <>
To: <>
CC: Laurence Lundblade <>
Date: Mon, 29 Jul 2019 12:24:47 -0700
Organization: Intel Corporation

On Monday, 29 July 2019 11:49:18 PDT Laurence Lundblade wrote:
> I think I’ve made a comprehensive list of all things that are not well
> formed by going through the latest draft and my decoder. There are about a
> dozen of them. I’ve also created 110 test vectors that cover them pretty
> thoroughly.
> Everything is here
> <
> ell_formed_cbor.h> in a C header. The dozen types of non-well-formedness are
> listed as comments in the header file. The test vectors are in an array
> that can be used for testing. It is BSD-3 license.
> I’ve turned up one bug in the RFC’s pseudo code. It doesn’t catch an
> indefinite length string as a segment in another indefinite length string.
> I’d like to get some review, some folks to try it out and such to see if
> I’ve missed anything and all is right. When that is done I’ll make a pull
> request for the draft out of it. Probably in about two weeks.

Hello Laurence

I'll add your test vectors to TinyCBOR soon and see if there's anything I 
didn't catch. You're welcome to do the same with my test data, see:

There are 194 entries in that list, though some of them are slightly duplicate 
of one another. There are a couple that also test implementation limits, like 
strings bigger than half your machine's address space. Some others aren't 
testing invalid CBOR, but common parsing mistakes like reading a size of -1 or 
overflowing counters / pointers.

Another that I came across but isn't seen in the test list was that my buffer 
was always followed by a NUL byte, which masked one read-past-the-end. The 
trick for that test is in
which always places the data to be parsed at the end of a page, followed by a 
page with no read access.

And if you look at
tst_parser.cpp#L1796-L2155, you'll see an extensive list of strict, canonical 
mode and JSON-compatibility testing.

Thiago Macieira - thiago.macieira (AT)
  Software Architect - Intel System Software Products
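
Added example, not code from TinyCBOR or from the header discussed above: a POSIX C version of the guard-page placement described in the message, used to run a small check for the nested indefinite-length string case mentioned in the quoted text. The names `guarded_copy` and `indef_string_ok` are hypothetical, and the sample bytes are constructed.

```c
#define _DEFAULT_SOURCE 1            /* exposes MAP_ANONYMOUS under -std=c11 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: copy src so a PROT_NONE page directly follows its last
 * byte (a read past the end faults). 0 < len <= page; mapping is never freed. */
const uint8_t *guarded_copy(const void *src, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (len == 0 || len > page) return NULL;
    uint8_t *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    if (mprotect(base + page, page, PROT_NONE) != 0) return NULL;
    return memcpy(base + page - len, src, len);
}

/* Returns 1 if buf[0..len) is exactly one well-formed indefinite-length byte
 * or text string (initial byte 0x5f or 0x7f), otherwise 0. */
int indef_string_ok(const uint8_t *buf, size_t len)
{
    if (len < 2 || (buf[0] != 0x5f && buf[0] != 0x7f)) return 0;
    size_t i = 1;
    while (i < len) {
        uint8_t ib = buf[i++];
        if (ib == 0xff) return i == len;     /* "break" must be the last byte */
        if ((ib ^ buf[0]) & 0xe0) return 0;  /* chunk of a different major type */
        uint64_t n = ib & 0x1f;              /* additional information */
        if (n >= 28) return 0;  /* 28..30 reserved, 31 = nested indefinite */
        if (n >= 24) {                       /* 1, 2, 4 or 8 length bytes */
            size_t w = (size_t)1 << (n - 24);
            if (w > len - i) return 0;
            for (n = 0; w--; ) n = (n << 8) | buf[i++];
        }
        if (n > len - i) return 0;  /* compare first: no add that could wrap */
        i += (size_t)n;
    }
    return 0;                                /* ran out of input, no "break" */
}

int main(void)
{
    static const uint8_t nested[] = {0x5f, 0x5f, 0xff, 0xff}; /* constructed */
    const uint8_t *p = guarded_copy(nested, sizeof nested);
    printf("nested: %s\n", p && indef_string_ok(p, 4) ? "accepted" : "rejected");
    return 0;
}
```

To exercise a real decoder the same way, pass the pointer returned by `guarded_copy` to it in place of `indef_string_ok`; a read past the input then terminates the test with a fault instead of passing silently.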