Add additional checks to tink/python/cc's streaming AEAD output buffers.

These checks are not really needed, but I think it's better to add them.

PiperOrigin-RevId: 766178948
Change-Id: I4c24a1aea531d08d16bb2b6bb3ad72756cf240ea

Author: juergw

tink/cc/BUILD.bazel

@@ -107,6 +107,7 @@ cc_library(
     hdrs = ["output_stream_adapter.h"],
     include_prefix = "tink/cc",
     deps = [
+        "@com_google_absl//absl/log:check",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/status:statusor",
         "@com_google_absl//absl/strings",

tink/cc/output_stream_adapter.cc

@@ -20,6 +20,7 @@
 #include <cstdint>
 #include <cstring>
 
+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
@@ -40,6 +41,7 @@ absl::StatusOr<int64_t> OutputStreamAdapter::Write(absl::string_view data) {
     if (write_count < available) stream_->BackUp(available - write_count);
     written += write_count;
   }
+  CHECK(written == data.size());
   return written;
 }
 

tink/cc/python_output_stream.cc

@@ -73,6 +73,16 @@ absl::StatusOr<int> PythonOutputStream::Next(void** data) {
 
   // Some data was written, so we can return some portion of buffer_.
   int written = write_result.value();
+
+  // This should not happen, because the only implementation of
+  // PythonFileObjectAdapter we have is FileObjectAdapter in
+  // _file_object_adapter.py, which never returns a value larger than the buffer
+  // size.
+  if (written > buffer_.size()) {
+    return status_ = absl::Status(absl::StatusCode::kInternal,
+                                  "Invalid value returned by Write");
+  }
+
   position_ += written;
   count_in_buffer_ = buffer_.size();
   buffer_offset_ = buffer_.size() - written;