[ObjC] Revise tag parsing to have a 5 byte limit.

thomasvl · copybara-github · commit 024498f5ed56 · 2025-12-12T11:02:24.000-08:00
There is now a conformane test that checks overlong varints within tags; revise the tag
parsing to ensure it doesn't allow overlong
values.

PiperOrigin-RevId: 843754470
diff --git a/conformance/failure_list_objc.txt b/conformance/failure_list_objc.txt
@@ -1,4 +1,2 @@
 # JSON input or output tests are skipped (in conformance_objc.m) as mobile
 # platforms don't support JSON wire format to avoid code bloat.
-
-Required.*.ProtobufInput.BadTag_OverlongVarint                                                                     # Should have failed to parse, but didn't.
diff --git a/objectivec/GPBCodedInputStream.m b/objectivec/GPBCodedInputStream.m
@@ -206,22 +206,33 @@ int32_t GPBCodedInputStreamReadTag(GPBCodedInputStreamState *state) {
     return 0;
   }
 
-  uint64_t rawTag = (uint64_t)ReadRawVarint64(state);
-  state->lastTag = (int32_t)rawTag;
-  // Following _upb_Decoder_DecodeLongTag logic, fail if this is >32bit value.
-  if (rawTag > (uint64_t)UINT32_MAX) {
+  // The conformance tests now limit things to ensue the varint for a tag fits in 5 bytes. The logic
+  // for this parse is based on _upb_WireReader_ReadLongTag.
+  uint64_t rawTag = 0;
+  BOOL finishedParse = NO;
+  for (int i = 0; i < 5; i++) {
+    uint64_t byte = (uint64_t)ReadRawByte(state);
+    rawTag |= (byte & 0x7F) << (i * 7);
+    if ((byte & 0x80) == 0) {
+      finishedParse = YES;
+      break;
+    }
+  }
+  if (!finishedParse || (rawTag > (uint64_t)UINT32_MAX)) {
     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidTag, @"Invalid tag");
   }
+  uint32_t tag = (uint32_t)rawTag;
 
   // Tags have to include a valid wireformat.
-  if (!GPBWireFormatIsValidTag(state->lastTag)) {
+  if (!GPBWireFormatIsValidTag(tag)) {
     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidTag, @"Invalid wireformat in tag.");
   }
   // Zero is not a valid field number.
-  if (GPBWireFormatGetTagFieldNumber(state->lastTag) == 0) {
+  if (GPBWireFormatGetTagFieldNumber(tag) == 0) {
     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidTag,
                         @"A zero field number on the wire is invalid.");
   }
+  state->lastTag = (int32_t)tag;
   return state->lastTag;
 }
 
