
Commit e30cd34

fix: upgrade bincode 1.3 → 2.0 (RUSTSEC-2025-0141)
- Update bincode from 1.3.3 to 2.0.1 in all crates
- Migrate API calls to bincode v2:
  - bincode::serialize() → bincode::serde::encode_to_vec()
  - bincode::deserialize() → bincode::serde::decode_from_slice()
- Update error handling for EncodeError/DecodeError
- Add http2 feature to hyper-rustls for compatibility

Fixes RUSTSEC-2025-0141 (bincode unmaintained)
1 parent 26d6887 commit e30cd34

9 files changed

Lines changed: 85 additions & 23 deletions


Cargo.lock

Lines changed: 38 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

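--- a/libsql-replication/Cargo.toml
+++ b/libsql-replication/Cargo.toml
@@ -29,7 +29,7 @@ cbc = "0.1.2"
 
 [dev-dependencies]
 arbitrary = { version = "1.3.0", features = ["derive_arbitrary"] }
-bincode = "1.3.3"
+bincode = { version = "2", features = ["serde"] }
 tempfile = "3.8.0"
 prost-build = "0.13"
 tonic-build = "0.12"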

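--- a/libsql-server/Cargo.toml
+++ b/libsql-server/Cargo.toml
@@ -18,7 +18,7 @@ async-trait = "0.1.58"
 axum = { version = "0.7", features = [] }
 axum-extra = { version = "0.9", features = ["query"] }
 base64 = "0.21.0"
-bincode = "1.3.3"
+bincode = { version = "2", features = ["serde"] }
 bottomless = { version = "0", path = "../bottomless", features = ["libsql_linked_statically"] }
 bytes = { version = "1.2.1", features = ["serde"] }
 bytesize = { version = "1.2.0", features = ["serde"] }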

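--- a/libsql-server/src/error.rs
+++ b/libsql-server/src/error.rs
@@ -244,8 +244,14 @@ impl From<tokio::sync::oneshot::error::RecvError> for Error {
 }
 }
 
-impl From<bincode::Error> for Error {
-fn from(other: bincode::Error) -> Self {
+impl From<bincode::error::EncodeError> for Error {
+fn from(other: bincode::error::EncodeError) -> Self {
+Self::Internal(other.to_string())
+}
+}
+
+impl From<bincode::error::DecodeError> for Error {
+fn from(other: bincode::error::DecodeError) -> Self {
 Self::Internal(other.to_string())
 }
 }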
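Review bot: The new `From<bincode::error::DecodeError>` impl maps a decode failure to `Self::Internal`, the same variant used for encode failures, although a decode error is caused by bytes the peer sent rather than by a server fault. Now that bincode v2 gives the two cases separate types, the decode impl could target a variant that marks malformed input, if `Error` has one (its definition is outside this hunk), so that bad client payloads can be told apart from internal errors in logs and responses. If the string carried by `Internal` is returned to the client, it is also worth checking that the decoder's message is acceptable to expose.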

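--- a/libsql-server/src/rpc/proxy.rs
+++ b/libsql-server/src/rpc/proxy.rs
@@ -97,21 +97,23 @@ pub mod rpc {
 fn try_from(value: crate::query::Params) -> Result<Self, Self::Error> {
 match value {
 crate::query::Params::Named(params) => {
+let config = bincode::config::legacy();
 let iter = params.into_iter().map(|(k, v)| -> Result<_, SqldError> {
 let v = Value {
-data: bincode::serialize(&v)?,
+data: bincode::serde::encode_to_vec(&v, config)?,
 };
 Ok((k, v))
 });
 let (names, values) = itertools::process_results(iter, |i| i.unzip())?;
 Ok(Self::Named(Named { names, values }))
 }
 crate::query::Params::Positional(params) => {
+let config = bincode::config::legacy();
 let values = params
 .iter()
 .map(|v| {
 Ok(Value {
-data: bincode::serialize(&v)?,
+data: bincode::serde::encode_to_vec(&v, config)?,
 })
 })
 .collect::<Result<Vec<_>, SqldError>>()?;
@@ -127,15 +129,23 @@ pub mod rpc {
 fn try_from(value: query::Params) -> Result<Self, Self::Error> {
 match value {
 query::Params::Positional(pos) => {
+let config = bincode::config::legacy();
 let params = pos
 .values
 .into_iter()
-.map(|v| bincode::deserialize(&v.data).map_err(|e| e.into()))
+.map(|v| -> Result<crate::query::Value, SqldError> {
+let (decoded, _) = bincode::serde::decode_from_slice(&v.data, config)?;
+Ok(decoded)
+})
 .collect::<Result<Vec<_>, SqldError>>()?;
 Ok(Self::Positional(params))
 }
 query::Params::Named(named) => {
-let values = named.values.iter().map(|v| bincode::deserialize(&v.data));
+let config = bincode::config::legacy();
+let values = named.values.iter().map(|v| -> Result<crate::query::Value, SqldError> {
+let (decoded, _) = bincode::serde::decode_from_slice(&v.data, config)?;
+Ok(decoded)
+});
 let params = itertools::process_results(values, |values| {
 named.names.into_iter().zip(values).collect()
 })?;
@@ -455,8 +465,10 @@ impl QueryResultBuilder for ExecuteResultsBuilder {
 }
 
 fn add_row_value(&mut self, v: ValueRef) -> Result<(), QueryResultBuilderError> {
-let data = bincode::serialize(
+let config = bincode::config::legacy();
+let data = bincode::serde::encode_to_vec(
 &crate::query::Value::try_from(v).map_err(QueryResultBuilderError::from_any)?,
+config,
 )
 .map_err(QueryResultBuilderError::from_any)?;
 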
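Review bot: The two decode paths in the second hunk (`query::Params::Positional` and `query::Params::Named`) call `bincode::serde::decode_from_slice(&v.data, config)` with an unmodified `bincode::config::legacy()`, which sets no byte limit, and they drop the consumed-byte count with `let (decoded, _)`, so a buffer with trailing bytes after a valid value is accepted. Because `v.data` arrives in an RPC message, I would bound the decoder, e.g. `bincode::config::legacy().with_limit::<MAX_VALUE_BYTES>()` with a project-chosen constant, and return an error when the consumed length differs from `v.data.len()`. This probably matches what the 1.x `bincode::deserialize` tolerated, so it is hardening rather than a regression; the same pattern appears in the `TryFrom<&libsql_replication::rpc::proxy::Value>` hunk of libsql/src/value.rs. Encoder and decoder sit in different crates and must agree on the legacy layout, so one shared helper that returns the configuration, with a comment saying why `legacy()` is required for wire compatibility, would be safer than the five separate `legacy()` calls in this file; the enclosing functions start outside their hunks.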

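--- a/libsql/Cargo.toml
+++ b/libsql/Cargo.toml
@@ -18,7 +18,7 @@ tokio = { version = "1.29.1", features = ["sync"], optional = true }
 tokio-util = { version = "0.7", features = ["io-util", "codec"], optional = true }
 parking_lot = { version = "0.12.1", optional = true }
 hyper = { version = "1.0", features = ["client", "http1", "http2"], optional = true }
-hyper-rustls = { version = "0.27", features = ["webpki-roots"], optional = true }
+hyper-rustls = { version = "0.27", features = ["webpki-roots", "http2"], optional = true }
 http-body-util = { version = "0.1", optional = true }
 hyper-util = { version = "0.1", features = ["client", "tokio"], optional = true }
 base64 = { version = "0.21", optional = true }
@@ -29,7 +29,7 @@ bitflags = { version = "2.4.0", optional = true }
 tower = { workspace = true, features = ["util"], optional = true }
 worker = { version = "0.6.7", optional = true }
 
-bincode = { version = "1", optional = true }
+bincode = { version = "2", optional = true, features = ["serde"] }
 anyhow = { version = "1.0.71", optional = true }
 bytes = { version = "1.4.0", features = ["serde"], optional = true }
 uuid = { version = "1.4.0", features = ["v4", "serde"], optional = true }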
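Review bot: Bumping `bincode` to `version = "2"` in the second hunk may not by itself clear RUSTSEC-2025-0141, because the commit message describes it as an "unmaintained" advisory and such advisories often list no patched release. It is worth confirming with the project's `cargo audit` or `cargo deny` run that the advisory no longer fires against the resolved 2.x version, and recording that result with the change. If it still fires, the remaining choices are a documented ignore entry with a review date or a move to a maintained codec, and the manifest comment or PR should say which was chosen.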

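--- a/libsql/src/errors.rs
+++ b/libsql/src/errors.rs
@@ -112,8 +112,15 @@ pub fn sqlite_errmsg_to_string(errmsg: *const std::ffi::c_char) -> String {
 }
 
 #[cfg(feature = "replication")]
-impl From<bincode::Error> for Error {
-fn from(e: bincode::Error) -> Self {
-Error::Bincode(e.into())
+impl From<bincode::error::EncodeError> for Error {
+fn from(e: bincode::error::EncodeError) -> Self {
+Error::Bincode(e.to_string().into())
+}
+}
+
+#[cfg(feature = "replication")]
+impl From<bincode::error::DecodeError> for Error {
+fn from(e: bincode::error::DecodeError) -> Self {
+Error::Bincode(e.to_string().into())
 }
 }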
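Review bot: Both new impls build the variant with `Error::Bincode(e.to_string().into())`, which replaces the typed bincode error with a plain string, where the removed code passed the error value itself via `e.into()`. If the v2 `EncodeError` and `DecodeError` implement `std::error::Error` under the enabled features, `Error::Bincode(e.into())` would keep the original value available for downcasting and structured logging. The payload type of the `Bincode` variant is not visible in this hunk, so this needs confirming; if stringifying is required, a one-line comment saying why would help the next reader.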

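--- a/libsql/src/params.rs
+++ b/libsql/src/params.rs
@@ -289,18 +289,20 @@ impl From<Params> for libsql_replication::rpc::proxy::query::Params {
 match params {
 Params::None => proxy::query::Params::Positional(proxy::Positional::default()),
 Params::Positional(values) => {
+let config = bincode::config::legacy();
 let values = values
 .iter()
-.map(|v| bincode::serialize(v).unwrap())
+.map(|v| bincode::serde::encode_to_vec(v, config).unwrap())
 .map(|data| proxy::Value { data })
 .collect::<Vec<_>>();
 proxy::query::Params::Positional(proxy::Positional { values })
 }
 Params::Named(values) => {
+let config = bincode::config::legacy();
 let (names, values) = values
 .into_iter()
 .map(|(name, value)| {
-let data = bincode::serialize(&value).unwrap();
+let data = bincode::serde::encode_to_vec(&value, config).unwrap();
 let value = proxy::Value { data };
 (name, value)
 })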
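Review bot: Both new `encode_to_vec(..., config).unwrap()` calls keep the panic-on-failure behaviour of the old `bincode::serialize(...).unwrap()`, and the `From` signature gives callers no way to receive the error. If encoding these value types into a `Vec` cannot fail, state that invariant at the call, e.g. `.expect("encoding a Value into a Vec cannot fail")`; if it can, a `TryFrom` conversion would let the caller handle it instead of aborting the task. The `From<Params>` impl starts before and continues after this hunk.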

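--- a/libsql/src/value.rs
+++ b/libsql/src/value.rs
@@ -458,8 +458,11 @@ impl TryFrom<&libsql_replication::rpc::proxy::Value> for Value {
 Blob(Vec<u8>),
 }
 
+let config = bincode::config::legacy();
+let (decoded, _) = bincode::serde::decode_from_slice::<BincodeValue, _>(&value.data[..], config)
+.map_err(Error::from)?;
 Ok(
-match bincode::deserialize::<'_, BincodeValue>(&value.data[..]).map_err(Error::from)? {
+match decoded {
 BincodeValue::Null => Value::Null,
 BincodeValue::Integer(i) => Value::Integer(i),
 BincodeValue::Real(x) => Value::Real(x),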
