| … | |
… | |
| 48 | Subsequent occurrences can then be encoded by encoding the index |
48 | Subsequent occurrences can then be encoded by encoding the index |
| 49 | of a previously marked value tagged with the sharedref tag (value |
49 | of a previously marked value tagged with the sharedref tag (value |
| 50 | C<29>). That is, index 0 refers to the first value marked as |
50 | C<29>). That is, index 0 refers to the first value marked as |
| 51 | shareable in the CBOR stream, index 1 to the second and so on. |
51 | shareable in the CBOR stream, index 1 to the second and so on. |
| 52 | |
52 | |
| 53 | There is no requirement to actually refer to a value marked as |
53 | Any taggable value can be marked for sharing, and there is no requirement |
| 54 | shareable - encoders can mark any value they want without ever |
54 | to actually refer to a value marked as shareable - encoders can mark any |
| 55 | referring to them. |
55 | value they want without ever referring to them. |
| 56 | |
56 | |
| 57 | Implementors are advised that, to be able to encode cyclic structures, |
57 | Implementors are advised that, to be able to encode cyclic structures, |
| 58 | it must be possible to refer to a value before it is completely |
58 | it must be possible to refer to a value before it is completely |
| 59 | decoded. For example, during decoding of a map, some entries can |
59 | decoded. For example, during decoding of a map, some entries can |
| 60 | refer to the map being decoded. Thus an implementation cannot decode |
60 | refer to the map being decoded. Thus an implementation cannot decode |
| … | |
… | |
| 150 | d8 1c # tag(28) |
150 | d8 1c # tag(28) |
| 151 | 81 # array(1) |
151 | 81 # array(1) |
| 152 | d8 1d # tag(29) |
152 | d8 1d # tag(29) |
| 153 | 00 # unsigned(0) |
153 | 00 # unsigned(0) |
| 154 | |
154 | |
|
|
155 | =head1 SECURITY CONSIDERATIONS |
|
|
156 | |
|
|
157 | Implementing this extension can open up a decoder for additional resource |
|
|
158 | exhaustion attacks. |
|
|
159 | |
|
|
160 | The possibility to create cyclic data structures can create problems |
|
|
161 | for implementtaions that rely on garbage collection to clean up data |
|
|
162 | structures, and it could potentially lead to problems with algorithms that |
|
|
163 | can't cope with this, leading to infinite loops or similar problems. One |
|
|
164 | way to counter that is to not enable decoding of shared values by default, |
|
|
165 | so code that wants it can opt-in. Another way would be to disallow |
|
|
166 | decoding of cyclic data structures while still allowing other forms of |
|
|
167 | shared values (for example, by tracking whether a referenced value has |
|
|
168 | been fully decoded already and fail if not). |
|
|
169 | |
|
|
170 | Implementations that decode shared values by duplicating them could |
|
|
171 | also suffer from excessive expansion (e.g. having a string referenced |
|
|
172 | multiple times in an array, then having this array referenced multiple |
|
|
173 | times in another array and so on). This is not usually a problem as most |
|
|
174 | implementations already treat arrays and objects as references, and can |
|
|
175 | therefore avoid duplication. |
|
|
176 | |
| 155 | =head1 IMPLEMENTATIONS |
177 | =head1 IMPLEMENTATIONS |
| 156 | |
178 | |
| 157 | This section lists known implementations of this extension (L<drop me a |
179 | This section lists known implementations of this extension (L<drop me a |
| 158 | mail|mailto:cbor@schmorp.de?Subject=CBOR-value-sharing> if you want to be |
180 | mail|mailto:cbor@schmorp.de?Subject=CBOR-value-sharing> if you want to be |
| 159 | listed here). |
181 | listed here). |
| … | |
… | |
| 164 | |
186 | |
| 165 | =item * [JavaScript] L<borc-refs|https://github.com/sandhawke/borc-refs> |
187 | =item * [JavaScript] L<borc-refs|https://github.com/sandhawke/borc-refs> |
| 166 | |
188 | |
| 167 | =item * [Perl] L<CBOR::Free|https://metacpan.org/pod/CBOR::Free> |
189 | =item * [Perl] L<CBOR::Free|https://metacpan.org/pod/CBOR::Free> |
| 168 | |
190 | |
|
|
191 | =item * [Nodejs] L<node-cbor|https://github.com/hildjj/node-cbor/> |
|
|
192 | |
| 169 | =back |
193 | =back |
| 170 | |
194 | |
