Bugfix: lax_deserialize currently accepts deserializing from NaN#25
Bugfix: lax_deserialize currently accepts deserializing from NaN#25
Conversation
To be clear, the infinities were already rejected before, right?
Sounds good! |
You're right, I've missed that. I've changed the code to only check for
I'll do that then. |
|
Ok, this was a bit more complicated than anticipated because I totally forgot about the |
FSMaxB
force-pushed
the
fix-non-finite-floats
branch
from
fbd8dcf to
fd3097d
Compare
|
There's also |
|
Maybe it would be good for this use case though. |
|
Sorry about the force push, I still had
I'll look into that. Let's hope that it works with |
FSMaxB
force-pushed
the
fix-non-finite-floats
branch
from
fd3097d to
d578716
Compare
| assert_serialize(-100); | ||
| } | ||
|
|
||
| fn assert_serialize(number: i32) { |
There was a problem hiding this comment.
I was tempted to use #[track_caller] here but then I remembered that the MSRV is 1.35.
Using a macro would also be possible but I don't think it's really worth it.
| fn assert_serialize(number: i32) { | ||
| assert_ser_tokens( | ||
| &Int::from(number), | ||
| &[Token::NewtypeStruct { name: "Int" }, Token::I64(number as _)], |
There was a problem hiding this comment.
Writing out the NewTypeStruct serialization token I wonder: Is this behavior actually intended? Should a Serializer really know both the name of the struct and it's internal workings?
This relates to #16 because a manual Serialize implementation could avoid leaking such implementation details.
There was a problem hiding this comment.
That's a good point. Idk which serializers out there actually serialize sth. for NewtypeStruct, but I agree that we shouldn't emit it. If the derives aren't to be replaced entirely, #[serde(transparent)] could be used to get rid of it.
|
I have merged the first two commits (as one squashed commit) for now. It looks like you will have to rebase, which is a bit weird to me since I would expect a rebase to go through w/o any manual work needed. |
|
I'll close this pull request then and create a new one for the testing changes. I expect that this requires an interactive rebase, but no worries, I have experience with that 😁 . |
2 participants
With the
lax_deserializefeature,NaNcurrently deserializes to0. I don't think this was intended.Although this can't happen with
serde_jsonbecause JSON doesn't supportNaNetc., this can very well happen with other deserializers.This pull request fixes this by declinining to deserialize
NaN,Infinityand-Infinity.Note that using
IntoDeserializer, as I've done here, could be used for the other tests as well, thereby getting rid of the necessity to useserde_jsonif desired. (This, by extension, should make the tests work withno-stdagain, thereby making the workaround for serde-rs/json#516 obsolete as well ...).