[api_protobuf] Address copilot review: add bounds checking and clarify 32-bit loop intent

- Add bounds checking in decode_varint_content to prevent undefined behavior if decoded enum value exceeds 31 - Add clarifying comments that 32-bit loops in encode_content and get_size_calculation are intentional to support the full range of enum_as_bitmask (enums with up to 32 values) - The uint32_t storage type supports general-purpose enum_as_bitmask, not just ColorMode's 10 values
2025-10-20 18:53:47 +01:00 · 2025-10-18 11:56:40 -10:00
parent 27b876df93
commit ef52ce4d76
1 changed files with 13 additions and 2 deletions
--- a/script/api_protobuf/api_protobuf.py
+++ b/script/api_protobuf/api_protobuf.py
@@ -1472,11 +1472,16 @@ class RepeatedTypeInfo(TypeInfo):
        if self._use_pointer:
            return None
        if self._use_bitmask:
-            # For bitmask fields, decode enum value and set corresponding bit
+            # For bitmask fields, decode enum value and set corresponding bit, with bounds checking
            content = self._ti.decode_varint
            if content is None:
                return None
-            return f"case {self.number}: this->{self.field_name} |= (1U << static_cast<uint8_t>({content})); break;"
+            return (
+                f"case {self.number}: "
+                f"if (static_cast<uint8_t>({content}) <= 31) "
+                f"this->{self.field_name} |= (1U << static_cast<uint8_t>({content})); "
+                f"break;"
+            )
        content = self._ti.decode_varint
        if content is None:
            return None
@@ -1533,6 +1538,9 @@ class RepeatedTypeInfo(TypeInfo):
        if self._use_bitmask:
            # For bitmask fields, iterate through set bits and encode each enum value
            # The bitmask is stored as uint32_t where bit N represents enum value N
+            # Note: We iterate through all 32 bits to support the full range of enum_as_bitmask
+            # (enums with up to 32 values). Specific uses may have fewer values, but the
+            # generated code is general-purpose.
            assert isinstance(self._ti, EnumType), (
                "enum_as_bitmask only works with enum fields"
            )
@@ -1587,6 +1595,9 @@ class RepeatedTypeInfo(TypeInfo):
        if self._use_bitmask:
            # For bitmask fields, iterate through set bits and calculate size
            # Each set bit encodes one enum value (as varint)
+            # Note: We iterate through all 32 bits to support the full range of enum_as_bitmask
+            # (enums with up to 32 values). Specific uses may have fewer values, but the
+            # generated code is general-purpose.
            o = f"if ({name} != 0) {{\n"
            o += "  for (uint8_t bit = 0; bit < 32; bit++) {\n"
            o += f"    if ({name} & (1U << bit)) {{\n"