don't panic on truncated reserved bytes

currently the only caller, Vp8xChunk, validates input length, so the panic isn't reachable from the top-level sanitize. but the parse fn is public, so we shouldn't have a panicking path like that. Signed-off-by: Jessa <git@jessa0.com> Assisted-by: Claude:claude-opus-4-7
2026-04-24 08:25:32 +00:00 · 2026-04-24 08:25:32 +00:00 · 6b5705c32e
commit 6b5705c32e
parent f4e4fc2e58
1 changed files with 24 additions and 0 deletions
--- a/webpsan/src/parse/integers.rs
+++ b/webpsan/src/parse/integers.rs
@ -174,6 +174,11 @@ impl<const LEN: u32> WebmPrim for Reserved<LEN> {
    const ENCODED_LEN: u32 = LEN;

    fn parse<B: Buf>(mut buf: B) -> Result<Self, ParseError> {
+        ensure_attach!(
+            buf.remaining() >= Self::ENCODED_LEN as usize,
+            ParseError::TruncatedChunk,
+            WhileParsingType::new::<Self>(),
+        );
        for _ in 0..LEN {
            ensure_attach!(
                buf.get_u8() == 0,
@ -191,3 +196,22 @@ impl<const LEN: u32> WebmPrim for Reserved<LEN> {
        }
    }
 }
+
+#[cfg(test)]
+mod test {
+    use bytes::BytesMut;
+
+    use super::*;
+
+    #[test]
+    fn reserved_truncated() {
+        let err = Reserved::<3>::parse(&mut BytesMut::from(&[0, 0][..])).unwrap_err();
+        assert!(matches!(err.get_ref(), ParseError::TruncatedChunk), "{err}");
+    }
+
+    #[test]
+    fn reserved_truncated_empty() {
+        let err = Reserved::<1>::parse(&mut BytesMut::new()).unwrap_err();
+        assert!(matches!(err.get_ref(), ParseError::TruncatedChunk), "{err}");
+    }
+}