Skip to content

Prevent integer overflows in encoded message length computations #809

Prevent integer overflows in encoded message length computations

Prevent integer overflows in encoded message length computations #809

Workflow file for this run

name: CI
on:
push:
branches: [ "master" ]
pull_request:
merge_group:
branches: [ "master" ]
permissions:
contents: read
env:
PROTOC_VERSION: '3.25.3'
clippy_rust_version: '1.82'
jobs:
# Depends on all actions that are required for a "successful" CI run.
tests-pass:
name: all systems go
runs-on: ubuntu-latest
needs:
- rustfmt
- toml_validation
- clippy
- docs
- machete
- unused_dependencies
- test
- msrv
- minimal-versions
- kani
- no-std
- check-readme
steps:
- run: exit 0
rustfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: cargo fmt --all --check
toml_validation:
runs-on: ubuntu-latest
container:
image: tamasfe/taplo:0.8.1
steps:
- name: Checkout sources
uses: actions/checkout@v4
- name: taplo lint
run: taplo lint
- name: taplo fmt
run: taplo fmt --check --diff
clippy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: install protoc
uses: taiki-e/install-action@v2
with:
tool: protoc@${{ env.PROTOC_VERSION }}
- name: install ninja
uses: ./.github/actions/setup-ninja
- uses: dtolnay/rust-toolchain@stable
with:
toolchain: ${{ env.clippy_rust_version }}
components: clippy
- run: cargo clippy --workspace --exclude protobuf --all-features --tests -- -D warnings
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: install protoc
uses: taiki-e/install-action@v2
with:
tool: protoc@${{ env.PROTOC_VERSION }}
- name: install ninja
uses: ./.github/actions/setup-ninja
- uses: dtolnay/rust-toolchain@stable
- name: "doc --lib --all-features"
run: |
cargo doc --lib --no-deps --all-features --document-private-items
env:
RUSTDOCFLAGS: -Dwarnings
machete:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: taiki-e/install-action@cargo-machete
- name: Check unused dependencies
run: cargo machete
unused_dependencies:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@nightly
- name: install protoc
uses: taiki-e/install-action@v2
with:
tool: protoc@${{ env.PROTOC_VERSION }}
- name: install ninja
uses: ./.github/actions/setup-ninja
- name: install cargo-udeps
uses: taiki-e/install-action@cargo-udeps
- name: cargo udeps
run: cargo +nightly udeps
- name: cargo udeps all-targets
run: cargo +nightly udeps --all-targets
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
toolchain:
- stable
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: install toolchain (${{ matrix.toolchain }})
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.toolchain }}
- name: install protoc
uses: taiki-e/install-action@v2
with:
tool: protoc@${{ env.PROTOC_VERSION }}
- name: install ninja
uses: ./.github/actions/setup-ninja
- uses: Swatinem/rust-cache@v2
- name: test
run: cargo test
- name: test no-default-features
run: cargo test -p prost-build -p prost-derive -p prost-types --no-default-features
tests-overflow:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
targets: i686-unknown-linux-gnu
- name: install multilib support for GCC
run: sudo apt-get install -y gcc-multilib
- name: install protoc
uses: taiki-e/install-action@v2
with:
tool: protoc@${{ env.PROTOC_VERSION }}
- uses: Swatinem/rust-cache@v2
- name: test for integer overflows
run: |
cargo test -p tests-overflow --target i686-unknown-linux-gnu -- \
--skip encoded_len::overflow::field::int32::encoded_len_packed_can_overflow_u32 \
--skip encoded_len::overflow::field::int32::encoded_len_repeated_can_overflow_u32 \
--include-ignored --test-threads 1
- name: run tests with large allocations in isolation
run: |
for test in \
encoded_len::overflow::field::int32::encoded_len_packed_can_overflow_u32 \
encoded_len::overflow::field::int32::encoded_len_repeated_can_overflow_u32 \
;
do
cargo test -p tests-overflow --target i686-unknown-linux-gnu -- \
--ignored --exact $test
done
msrv:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: install protoc
uses: taiki-e/install-action@v2
with:
tool: protoc@${{ env.PROTOC_VERSION }}
- uses: taiki-e/install-action@cargo-hack
- uses: Swatinem/rust-cache@v2
- name: check with no-default-features
run: cargo hack --rust-version --no-private --no-dev-deps check --no-default-features
- name: check with all-features
run: cargo hack --rust-version --no-private --no-dev-deps check --all-features
minimal-versions:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@nightly
- uses: dtolnay/rust-toolchain@stable
- uses: taiki-e/install-action@cargo-hack
- uses: taiki-e/install-action@cargo-minimal-versions
- run: cargo minimal-versions --no-private check --all-features
kani:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Verify with Kani
uses: model-checking/kani-github-action@v1.1
with:
args: |
-p prost-types
no-std:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@nightly
- name: install protoc
uses: taiki-e/install-action@v2
with:
tool: protoc@${{ env.PROTOC_VERSION }}
- uses: Swatinem/rust-cache@v2
- name: install cargo-no-std-check
uses: baptiste0928/cargo-install@v3
with:
crate: cargo-no-std-check
- name: prost cargo-no-std-check
run: cargo no-std-check --manifest-path prost/Cargo.toml --no-default-features
- name: prost-types cargo-no-std-check
run: cargo no-std-check --manifest-path prost-types/Cargo.toml --no-default-features
# prost-build depends on prost with --no-default-features, but when
# prost-build is built through the workspace, prost typically has default
# features enabled due to vagaries in Cargo workspace feature resolution.
# This additional check ensures that prost-build does not rely on any of
# prost's default features to compile.
- name: prost-build check
run: cargo check --manifest-path prost-build/Cargo.toml
- name: tests-no-std cargo-no-std-check
run: cargo no-std-check --manifest-path tests-no-std/Cargo.toml
check-readme:
name: Check README
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Verify that both READMEs are identical
run: diff README.md prost/README.md
- name: Verify that Prost version is up to date in README
working-directory: prost
run: grep -q "$(sed '/^version = /!d' Cargo.toml | head -n1)" README.md