Prevent integer overflows in encoded message length computations #806
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ "master" ] | |
pull_request: | |
merge_group: | |
branches: [ "master" ] | |
permissions: | |
contents: read | |
env: | |
PROTOC_VERSION: '3.25.3' | |
clippy_rust_version: '1.82' | |
jobs: | |
# Depends on all actions that are required for a "successful" CI run. | |
tests-pass: | |
name: all systems go | |
runs-on: ubuntu-latest | |
needs: | |
- rustfmt | |
- toml_validation | |
- clippy | |
- docs | |
- machete | |
- unused_dependencies | |
- test | |
- msrv | |
- minimal-versions | |
- kani | |
- no-std | |
- check-readme | |
steps: | |
- run: exit 0 | |
rustfmt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- run: cargo fmt --all --check | |
toml_validation: | |
runs-on: ubuntu-latest | |
container: | |
image: tamasfe/taplo:0.8.1 | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: taplo lint | |
run: taplo lint | |
- name: taplo fmt | |
run: taplo fmt --check --diff | |
clippy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: install protoc | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: protoc@${{ env.PROTOC_VERSION }} | |
- name: install ninja | |
uses: ./.github/actions/setup-ninja | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
toolchain: ${{ env.clippy_rust_version }} | |
components: clippy | |
- run: cargo clippy --workspace --exclude protobuf --all-features --tests -- -D warnings | |
docs: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: install protoc | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: protoc@${{ env.PROTOC_VERSION }} | |
- name: install ninja | |
uses: ./.github/actions/setup-ninja | |
- uses: dtolnay/rust-toolchain@stable | |
- name: "doc --lib --all-features" | |
run: | | |
cargo doc --lib --no-deps --all-features --document-private-items | |
env: | |
RUSTDOCFLAGS: -Dwarnings | |
machete: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: taiki-e/install-action@cargo-machete | |
- name: Check unused dependencies | |
run: cargo machete | |
unused_dependencies: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@nightly | |
- name: install protoc | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: protoc@${{ env.PROTOC_VERSION }} | |
- name: install ninja | |
uses: ./.github/actions/setup-ninja | |
- name: install cargo-udeps | |
uses: taiki-e/install-action@cargo-udeps | |
- name: cargo udeps | |
run: cargo +nightly udeps | |
- name: cargo udeps all-targets | |
run: cargo +nightly udeps --all-targets | |
test: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
toolchain: | |
- stable | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: install toolchain (${{ matrix.toolchain }}) | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ matrix.toolchain }} | |
- name: install protoc | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: protoc@${{ env.PROTOC_VERSION }} | |
- name: install ninja | |
uses: ./.github/actions/setup-ninja | |
- uses: Swatinem/rust-cache@v2 | |
- name: test | |
run: cargo test | |
- name: test no-default-features | |
run: cargo test -p prost-build -p prost-derive -p prost-types --no-default-features | |
tests-overflow: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: i686-unknown-linux-gnu | |
- name: install multilib support for GCC | |
run: sudo apt-get install -y gcc-multilib g++-multilib | |
- name: install protoc | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: protoc@${{ env.PROTOC_VERSION }} | |
- uses: Swatinem/rust-cache@v2 | |
- name: test for integer overflows | |
run: | | |
cargo test -p tests-overflow --target i686-unknown-linux-gnu -- \ | |
--skip encoded_len::overflow::field::int32::encoded_len_packed_can_overflow_u32 \ | |
--skip encoded_len::overflow::field::int32::encoded_len_repeated_can_overflow_u32 \ | |
--include-ignored --test-threads 1 | |
- name: run tests with large allocations in isolation | |
run: | | |
for test in \ | |
encoded_len::overflow::field::int32::encoded_len_packed_can_overflow_u32 \ | |
encoded_len::overflow::field::int32::encoded_len_repeated_can_overflow_u32 \ | |
; | |
do | |
cargo test -p tests-overflow --target i686-unknown-linux-gnu -- \ | |
--ignored --exact $test | |
done | |
msrv: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: install protoc | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: protoc@${{ env.PROTOC_VERSION }} | |
- uses: taiki-e/install-action@cargo-hack | |
- uses: Swatinem/rust-cache@v2 | |
- name: check with no-default-features | |
run: cargo hack --rust-version --no-private --no-dev-deps check --no-default-features | |
- name: check with all-features | |
run: cargo hack --rust-version --no-private --no-dev-deps check --all-features | |
minimal-versions: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@nightly | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: taiki-e/install-action@cargo-hack | |
- uses: taiki-e/install-action@cargo-minimal-versions | |
- run: cargo minimal-versions --no-private check --all-features | |
kani: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Verify with Kani | |
uses: model-checking/kani-github-action@v1.1 | |
with: | |
args: | | |
-p prost-types | |
no-std: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@nightly | |
- name: install protoc | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: protoc@${{ env.PROTOC_VERSION }} | |
- uses: Swatinem/rust-cache@v2 | |
- name: install cargo-no-std-check | |
uses: baptiste0928/cargo-install@v3 | |
with: | |
crate: cargo-no-std-check | |
- name: prost cargo-no-std-check | |
run: cargo no-std-check --manifest-path prost/Cargo.toml --no-default-features | |
- name: prost-types cargo-no-std-check | |
run: cargo no-std-check --manifest-path prost-types/Cargo.toml --no-default-features | |
# prost-build depends on prost with --no-default-features, but when | |
# prost-build is built through the workspace, prost typically has default | |
# features enabled due to vagaries in Cargo workspace feature resolution. | |
# This additional check ensures that prost-build does not rely on any of | |
# prost's default features to compile. | |
- name: prost-build check | |
run: cargo check --manifest-path prost-build/Cargo.toml | |
- name: tests-no-std cargo-no-std-check | |
run: cargo no-std-check --manifest-path tests-no-std/Cargo.toml | |
check-readme: | |
name: Check README | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Verify that both READMEs are identical | |
run: diff README.md prost/README.md | |
- name: Verify that Prost version is up to date in README | |
working-directory: prost | |
run: grep -q "$(sed '/^version = /!d' Cargo.toml | head -n1)" README.md |