Consolidate decoder validation to DataDecoder

Move size validation logic to DataDecoder to eliminate duplication
and create single source of truth for data validation.

Author: oschwald

internal/decoder/data_decoder.go

@@ -166,6 +166,12 @@ func (d *DataDecoder) DecodeBytes(size, offset uint) ([]byte, uint, error) {
 
 // DecodeFloat64 decodes a 64-bit float from the given offset.
 func (d *DataDecoder) DecodeFloat64(size, offset uint) (float64, uint, error) {
+	if size != 8 {
+		return 0, 0, mmdberrors.NewInvalidDatabaseError(
+			"the MaxMind DB file's data section contains bad data (float 64 size of %v)",
+			size,
+		)
+	}
 	if offset+size > uint(len(d.buffer)) {
 		return 0, 0, mmdberrors.NewOffsetError()
 	}
@@ -177,6 +183,12 @@ func (d *DataDecoder) DecodeFloat64(size, offset uint) (float64, uint, error) {
 
 // DecodeFloat32 decodes a 32-bit float from the given offset.
 func (d *DataDecoder) DecodeFloat32(size, offset uint) (float32, uint, error) {
+	if size != 4 {
+		return 0, 0, mmdberrors.NewInvalidDatabaseError(
+			"the MaxMind DB file's data section contains bad data (float32 size of %v)",
+			size,
+		)
+	}
 	if offset+size > uint(len(d.buffer)) {
 		return 0, 0, mmdberrors.NewOffsetError()
 	}
@@ -188,6 +200,12 @@ func (d *DataDecoder) DecodeFloat32(size, offset uint) (float32, uint, error) {
 
 // DecodeInt32 decodes a 32-bit signed integer from the given offset.
 func (d *DataDecoder) DecodeInt32(size, offset uint) (int32, uint, error) {
+	if size > 4 {
+		return 0, 0, mmdberrors.NewInvalidDatabaseError(
+			"the MaxMind DB file's data section contains bad data (int32 size of %v)",
+			size,
+		)
+	}
 	if offset+size > uint(len(d.buffer)) {
 		return 0, 0, mmdberrors.NewOffsetError()
 	}
@@ -236,6 +254,18 @@ func (d *DataDecoder) DecodePointer(
 	return pointer, newOffset, nil
 }
 
+// DecodeBool decodes a boolean from the given offset.
+func (*DataDecoder) DecodeBool(size, offset uint) (bool, uint, error) {
+	if size > 1 {
+		return false, 0, mmdberrors.NewInvalidDatabaseError(
+			"the MaxMind DB file's data section contains bad data (bool size of %v)",
+			size,
+		)
+	}
+	value, newOffset := decodeBool(size, offset)
+	return value, newOffset, nil
+}
+
 // DecodeString decodes a string from the given offset.
 func (d *DataDecoder) DecodeString(size, offset uint) (string, uint, error) {
 	if offset+size > uint(len(d.buffer)) {
@@ -249,6 +279,12 @@ func (d *DataDecoder) DecodeString(size, offset uint) (string, uint, error) {
 
 // DecodeUint16 decodes a 16-bit unsigned integer from the given offset.
 func (d *DataDecoder) DecodeUint16(size, offset uint) (uint16, uint, error) {
+	if size > 2 {
+		return 0, 0, mmdberrors.NewInvalidDatabaseError(
+			"the MaxMind DB file's data section contains bad data (uint16 size of %v)",
+			size,
+		)
+	}
 	if offset+size > uint(len(d.buffer)) {
 		return 0, 0, mmdberrors.NewOffsetError()
 	}
@@ -265,6 +301,12 @@ func (d *DataDecoder) DecodeUint16(size, offset uint) (uint16, uint, error) {
 
 // DecodeUint32 decodes a 32-bit unsigned integer from the given offset.
 func (d *DataDecoder) DecodeUint32(size, offset uint) (uint32, uint, error) {
+	if size > 4 {
+		return 0, 0, mmdberrors.NewInvalidDatabaseError(
+			"the MaxMind DB file's data section contains bad data (uint32 size of %v)",
+			size,
+		)
+	}
 	if offset+size > uint(len(d.buffer)) {
 		return 0, 0, mmdberrors.NewOffsetError()
 	}
@@ -281,6 +323,12 @@ func (d *DataDecoder) DecodeUint32(size, offset uint) (uint32, uint, error) {
 
 // DecodeUint64 decodes a 64-bit unsigned integer from the given offset.
 func (d *DataDecoder) DecodeUint64(size, offset uint) (uint64, uint, error) {
+	if size > 8 {
+		return 0, 0, mmdberrors.NewInvalidDatabaseError(
+			"the MaxMind DB file's data section contains bad data (uint64 size of %v)",
+			size,
+		)
+	}
 	if offset+size > uint(len(d.buffer)) {
 		return 0, 0, mmdberrors.NewOffsetError()
 	}
@@ -296,16 +344,32 @@ func (d *DataDecoder) DecodeUint64(size, offset uint) (uint64, uint, error) {
 }
 
 // DecodeUint128 decodes a 128-bit unsigned integer from the given offset.
-func (d *DataDecoder) DecodeUint128(size, offset uint) (*big.Int, uint, error) {
+// Returns the value as high and low 64-bit unsigned integers.
+func (d *DataDecoder) DecodeUint128(size, offset uint) (hi, lo uint64, newOffset uint, err error) {
+	if size > 16 {
+		return 0, 0, 0, mmdberrors.NewInvalidDatabaseError(
+			"the MaxMind DB file's data section contains bad data (uint128 size of %v)",
+			size,
+		)
+	}
 	if offset+size > uint(len(d.buffer)) {
-		return nil, 0, mmdberrors.NewOffsetError()
+		return 0, 0, 0, mmdberrors.NewOffsetError()
 	}
 
-	newOffset := offset + size
-	val := new(big.Int)
-	val.SetBytes(d.buffer[offset:newOffset])
+	newOffset = offset + size
 
-	return val, newOffset, nil
+	// Process bytes from most significant to least significant
+	for _, b := range d.buffer[offset:newOffset] {
+		var carry byte
+		lo, carry = append64(lo, b)
+		hi, _ = append64(hi, carry)
+	}
+
+	return hi, lo, newOffset, nil
+}
+
+func append64(val uint64, b byte) (uint64, byte) {
+	return (val << 8) | uint64(b), byte(val >> 56)
 }
 
 // DecodeKey decodes a map key into []byte slice. We use a []byte so that we
@@ -509,12 +573,22 @@ func (d *DataDecoder) decodeFromTypeToDeserializer(
 
 		return offset, dser.Uint64(v)
 	case KindUint128:
-		v, offset, err := d.DecodeUint128(size, offset)
+		hi, lo, offset, err := d.DecodeUint128(size, offset)
 		if err != nil {
 			return 0, err
 		}
 
-		return offset, dser.Uint128(v)
+		// Convert hi/lo representation to big.Int for deserializer
+		value := new(big.Int)
+		if hi == 0 {
+			value.SetUint64(lo)
+		} else {
+			value.SetUint64(hi)
+			value.Lsh(value, 64)                        // Shift high part left by 64 bits
+			value.Or(value, new(big.Int).SetUint64(lo)) // OR with low part
+		}
+
+		return offset, dser.Uint128(value)
 	default:
 		return 0, mmdberrors.NewInvalidDatabaseError("unknown type: %d", dtype)
 	}

internal/decoder/decoder.go

@@ -52,28 +52,29 @@ func (d *Decoder) ReadBool() (bool, error) {
 		return false, d.wrapError(err)
 	}
 
-	if size > 1 {
-		return false, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (bool size of %v)",
-			size,
-		))
+	value, newOffset, err := d.d.DecodeBool(size, offset)
+	if err != nil {
+		return false, d.wrapError(err)
 	}
-
-	var value bool
-	value, _ = decodeBool(size, offset)
-	d.setNextOffset(offset)
+	d.setNextOffset(newOffset)
 	return value, nil
 }
 
 // ReadString reads the value pointed by the decoder as a string.
 //
 // Returns an error if the database is malformed or if the pointed value is not a string.
 func (d *Decoder) ReadString() (string, error) {
-	val, err := d.readBytes(KindString)
+	size, offset, err := d.decodeCtrlDataAndFollow(KindString)
 	if err != nil {
 		return "", d.wrapError(err)
 	}
-	return string(val), nil
+
+	value, newOffset, err := d.d.DecodeString(size, offset)
+	if err != nil {
+		return "", d.wrapError(err)
+	}
+	d.setNextOffset(newOffset)
+	return value, nil
 }
 
 // ReadBytes reads the value pointed by the decoder as bytes.
@@ -96,13 +97,6 @@ func (d *Decoder) ReadFloat32() (float32, error) {
 		return 0, d.wrapError(err)
 	}
 
-	if size != 4 {
-		return 0, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (float32 size of %v)",
-			size,
-		))
-	}
-
 	value, nextOffset, err := d.d.DecodeFloat32(size, offset)
 	if err != nil {
 		return 0, d.wrapError(err)
@@ -121,13 +115,6 @@ func (d *Decoder) ReadFloat64() (float64, error) {
 		return 0, d.wrapError(err)
 	}
 
-	if size != 8 {
-		return 0, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (float64 size of %v)",
-			size,
-		))
-	}
-
 	value, nextOffset, err := d.d.DecodeFloat64(size, offset)
 	if err != nil {
 		return 0, d.wrapError(err)
@@ -146,20 +133,12 @@ func (d *Decoder) ReadInt32() (int32, error) {
 		return 0, d.wrapError(err)
 	}
 
-	if size > 4 {
-		return 0, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (int32 size of %v)",
-			size,
-		))
-	}
-
 	value, nextOffset, err := d.d.DecodeInt32(size, offset)
 	if err != nil {
 		return 0, d.wrapError(err)
 	}
 
 	d.setNextOffset(nextOffset)
-
 	return value, nil
 }
 
@@ -172,13 +151,6 @@ func (d *Decoder) ReadUInt16() (uint16, error) {
 		return 0, d.wrapError(err)
 	}
 
-	if size > 2 {
-		return 0, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (uint16 size of %v)",
-			size,
-		))
-	}
-
 	value, nextOffset, err := d.d.DecodeUint16(size, offset)
 	if err != nil {
 		return 0, d.wrapError(err)
@@ -197,13 +169,6 @@ func (d *Decoder) ReadUInt32() (uint32, error) {
 		return 0, d.wrapError(err)
 	}
 
-	if size > 4 {
-		return 0, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (uint32 size of %v)",
-			size,
-		))
-	}
-
 	value, nextOffset, err := d.d.DecodeUint32(size, offset)
 	if err != nil {
 		return 0, d.wrapError(err)
@@ -222,13 +187,6 @@ func (d *Decoder) ReadUInt64() (uint64, error) {
 		return 0, d.wrapError(err)
 	}
 
-	if size > 8 {
-		return 0, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (uint64 size of %v)",
-			size,
-		))
-	}
-
 	value, nextOffset, err := d.d.DecodeUint64(size, offset)
 	if err != nil {
 		return 0, d.wrapError(err)
@@ -247,36 +205,15 @@ func (d *Decoder) ReadUInt128() (hi, lo uint64, err error) {
 		return 0, 0, d.wrapError(err)
 	}
 
-	if size > 16 {
-		return 0, 0, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (uint128 size of %v)",
-			size,
-		))
-	}
-
-	if offset+size > uint(len(d.d.Buffer())) {
-		return 0, 0, d.wrapError(mmdberrors.NewInvalidDatabaseError(
-			"the MaxMind DB file's data section contains bad data (offset+size %d exceeds buffer length %d)",
-			offset+size,
-			len(d.d.Buffer()),
-		))
-	}
-
-	for _, b := range d.d.Buffer()[offset : offset+size] {
-		var carry byte
-		lo, carry = append64(lo, b)
-		hi, _ = append64(hi, carry)
+	hi, lo, nextOffset, err := d.d.DecodeUint128(size, offset)
+	if err != nil {
+		return 0, 0, d.wrapError(err)
 	}
 
-	d.setNextOffset(offset + size)
-
+	d.setNextOffset(nextOffset)
 	return hi, lo, nil
 }
 
-func append64(val uint64, b byte) (uint64, byte) {
-	return (val << 8) | uint64(b), byte(val >> 56)
-}
-
 // ReadMap returns an iterator to read the map. The first value from the
 // iterator is the key. Please note that this byte slice is only valid during
 // the iteration. This is done to avoid an unnecessary allocation. You must

internal/decoder/decoder_test.go

@@ -379,7 +379,7 @@ func TestBoundsChecking(t *testing.T) {
 	// This should fail gracefully with an error instead of panicking
 	_, err := decoder.ReadString()
 	require.Error(t, err)
-	require.Contains(t, err.Error(), "exceeds buffer length")
+	require.Contains(t, err.Error(), "unexpected end of database")
 
 	// Test DecodeBytes bounds checking with a separate buffer
 	bytesBuffer := []byte{
@@ -403,7 +403,7 @@ func TestBoundsChecking(t *testing.T) {
 
 	_, _, err = decoder2.ReadUInt128()
 	require.Error(t, err)
-	require.Contains(t, err.Error(), "exceeds buffer length")
+	require.Contains(t, err.Error(), "unexpected end of database")
 }
 
 func TestPeekKind(t *testing.T) {