Stable marshaller produces different wire for nil structure #75

New issue

Closed

opened 2025-12-28 18:12:27 +00:00 by sami · 5 comments

sami commented 2025-12-28 18:12:27 +00:00

Owner

Copy link

Originally created by @alexvanin on GitHub (Apr 25, 2022).

Originally assigned to: @fyrchik on GitHub.

Here is the example where stable marshaler produces different wire data compare to default proto.Marshaler.

var nilAttribute *object.Attribute
attrs := []*object.Attribute{nilAttribute}

hdr := new(object.Header)
hdr.SetAttributes(attrs)

o := new(object.Object)
o.SetHeader(hdr)

val, err := o.StableMarshal(nil)
require.NoError(t, err)

val2, err := proto.Marshal(o.ToGRPCMessage().(proto.Message))
require.NoError(t, err)


// expected: []byte{0x1a, 0x0}
// actual  : []byte{0x1a, 0x2, 0x52, 0x0}
require.Equal(t, val, val2)

This can lead to unexpected signature check failures, because client side calls StableMarshal() to generate signature, and server side calls proto.Unmarshal() + StableMarshal(). They produce different wire output which leads to signature check failure.

We mostly avoid nil structures, but clarification of expected behavior will be appreciated.

Originally created by @alexvanin on GitHub (Apr 25, 2022). Originally assigned to: @fyrchik on GitHub. Here is the example where stable marshaler produces different wire data compare to default `proto.Marshaler`. ```go var nilAttribute *object.Attribute attrs := []*object.Attribute{nilAttribute} hdr := new(object.Header) hdr.SetAttributes(attrs) o := new(object.Object) o.SetHeader(hdr) val, err := o.StableMarshal(nil) require.NoError(t, err) val2, err := proto.Marshal(o.ToGRPCMessage().(proto.Message)) require.NoError(t, err) // expected: []byte{0x1a, 0x0} // actual : []byte{0x1a, 0x2, 0x52, 0x0} require.Equal(t, val, val2) ``` This can lead to unexpected signature check failures, because client side calls `StableMarshal()` to generate signature, and server side calls `proto.Unmarshal() + StableMarshal()`. They produce different wire output which leads to signature check failure. We mostly avoid `nil` structures, but clarification of expected behavior will be appreciated.

sami 2025-12-28 18:12:27 +00:00

• closed this issue
• added the
  discussion
  U2
  labels

sami commented 2025-12-28 18:12:28 +00:00

Author

Owner

Copy link

@alexvanin commented on GitHub (Apr 25, 2022):

A bit of clarification.

(1) Client side sets nil structure to repeated list of attributes, uses StableMarshal() and generates message based on []byte{0x1a, 0x0} value.

(2) Then client sends structure to the server over gRPC which uses proto.Marshal with []byte{0x1a, 0x2, 0x52, 0x0} wire.

(3) Server receives []byte{0x1a, 0x2, 0x52, 0x0} and unmarshals it to a list with empty attribute value

(4) Server calls StableMarshal() and generates message based on []byte{0x1a, 0x2, 0x52, 0x0} value

(5) Signature check fails.

Can be fixed by https://github.com/nspcc-dev/neofs-api-go/issues/384 probably, but this is a long-term issue.

@alexvanin commented on GitHub (Apr 25, 2022): A bit of clarification. (1) Client side sets `nil` structure to repeated list of attributes, uses `StableMarshal()` and generates message based on `[]byte{0x1a, 0x0}` value. (2) Then client sends structure to the server over `gRPC` which uses `proto.Marshal` with `[]byte{0x1a, 0x2, 0x52, 0x0}` wire. (3) Server receives `[]byte{0x1a, 0x2, 0x52, 0x0}` and unmarshals it to a list with empty attribute value (4) Server calls `StableMarshal()` and generates message based on `[]byte{0x1a, 0x2, 0x52, 0x0}` value (5) Signature check fails. Can be fixed by https://github.com/nspcc-dev/neofs-api-go/issues/384 probably, but this is a long-term issue.

sami commented 2025-12-28 18:12:28 +00:00

Author

Owner

Copy link

@alexvanin commented on GitHub (Apr 26, 2022):

This is not the case for object.Attribute after https://github.com/nspcc-dev/neofs-api-go/pull/377 but we still have some pointer slices here and there.

@alexvanin commented on GitHub (Apr 26, 2022): This is not the case for `object.Attribute` after https://github.com/nspcc-dev/neofs-api-go/pull/377 but we still have some pointer slices here and there.

sami commented 2025-12-28 18:12:28 +00:00

Author

Owner

Copy link

@fyrchik commented on GitHub (Apr 26, 2022):

I believe, we have slices of pointers only in grpc sub-packages or in conversion functions.

If we are talking about the spec only, what about disallowing to have nil in slices completely? List of attributes, ID's etc. should always be filled.

@fyrchik commented on GitHub (Apr 26, 2022): I believe, we have slices of pointers only in `grpc` sub-packages or in conversion functions. If we are talking about the spec only, what about disallowing to have `nil` in slices completely? List of attributes, ID's etc. should always be filled.

sami commented 2025-12-28 18:12:28 +00:00

Author

Owner

Copy link

@alexvanin commented on GitHub (Apr 26, 2022):

If we are talking about the spec only, what about disallowing to have nil in slices completely? List of attributes, ID's etc. should always be filled.

Seems good enough. So we can say that properties of stable marshaling are:

• encode fields in wire in non-descending order,
• consider nil messages as non-existing in repeated fields.

If everyone agree with that, the issue can be closed.

@alexvanin commented on GitHub (Apr 26, 2022): > If we are talking about the spec only, what about disallowing to have nil in slices completely? List of attributes, ID's etc. should always be filled. Seems good enough. So we can say that properties of stable marshaling are: - encode fields in wire in non-descending order, - consider `nil` messages as non-existing in `repeated` fields. If everyone agree with that, the issue can be closed.

sami commented 2025-12-28 18:12:28 +00:00

Author

Owner

Copy link

@cthulhu-rider commented on GitHub (May 16, 2022):

consider nil messages as non-existing in repeated fields

👍

@cthulhu-rider commented on GitHub (May 16, 2022): > consider nil messages as non-existing in repeated fields :+1:

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

feature/object-separate-replication

detached

v2.14.0

v2.13.1

v2.13.0

v2.12.2

v2.12.1

v2.12.0

v2.11.1

v2.11.0

v2.11.0-pre

v1.30.0

v1.29.0

v1.28.3

v1.28.2

v1.28.1

v1.28.0

v1.27.1

v1.27.0

v1.26.1

v1.26.0

v1.25.0

v1.24.0

v1.23.0

v1.22.2

v1.22.1

v1.22.0

v1.22.0-rc.1

v1.21.2

v1.21.1

v1.21.0

show

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v2.0.0-rc1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.7.6

v0.7.5

v0.7.4

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.2

v0.4.1

v0.4.0

v0.3.2

v0.3.1

v0.3.0

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.0

Labels

Clear labels   

I1

  

I2

  

I3

  

I4

  

S1

  

S2

  

S3

  

S4

  

S4

  

U2

  

U4

  

U4

  

blocked

  

bug

  

discussion

  

documentation

  

enhancement

  

feature

  

go

  

question

  

question

No labels

I1

I2

I3

I4

S1

S2

S3

S4

S4

U2

U4

U4

blocked

bug

discussion

documentation

enhancement

feature

go

question

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

nspcc-dev/neofs-api-go#75

No description provided.