From: Matt Corallo <git@bluematt.me>
Date: Thu, 28 Mar 2024 22:06:36 +0000 (+0000)
Subject: Allow `MaybeReadable` to not fully read in `upgradable_option`
X-Git-Tag: v0.0.123-beta~14^2
X-Git-Url: http://git.bitcoin.ninja/index.cgi?p=rust-lightning;a=commitdiff_plain;h=f852d16d924a9c547c8c4995a8e61cda711711af

Allow `MaybeReadable` to not fully read in `upgradable_option`

Whils this is generally not supported, issues in our
`MaybeReadable` implementations may occur, and we should try to be
robust against them.
---

diff --git a/lightning/src/util/ser_macros.rs b/lightning/src/util/ser_macros.rs
index d1e152fe..e1f4762e 100644
--- a/lightning/src/util/ser_macros.rs
+++ b/lightning/src/util/ser_macros.rs
@@ -400,6 +400,17 @@ macro_rules! _decode_tlv {
 	// but we can no longer understand it.
 	($outer_reader: expr, $reader: expr, $field: ident, upgradable_option) => {{
 		$field = $crate::util::ser::MaybeReadable::read(&mut $reader)?;
+		if $field.is_none() {
+			#[cfg(not(debug_assertions))] {
+				// In general, MaybeReadable implementations are required to consume all the bytes
+				// of the object even if they don't understand it, but due to a bug in the
+				// serialization format for `impl_writeable_tlv_based_enum_upgradable` we sometimes
+				// don't know how many bytes that is. In such cases, we'd like to spuriously allow
+				// TLV length mismatches, which we do here by calling `eat_remaining` so that the
+				// `s.bytes_remain()` check in `_decode_tlv_stream_range` doesn't fail.
+				$reader.eat_remaining()?;
+			}
+		}
 	}};
 	($outer_reader: expr, $reader: expr, $field: ident, (option: $trait: ident $(, $read_arg: expr)?)) => {{
 		$field = Some($trait::read(&mut $reader $(, $read_arg)*)?);