Update readme to point to v2

Fix invalid type assertion in LoadBytes (#733 )
Fixes #732
2022-04-27 21:51:02 -04:00 · 2022-01-05 09:17:32 -05:00 · 2021-12-31 13:31:17 -05:00 · 2021-10-17 20:56:41 -04:00 · 2021-09-27 19:11:21 -04:00
7 changed files with 77 additions and 29 deletions
@@ -2,6 +2,19 @@

 Go library for the [TOML](https://toml.io/) format.

+
+⚠️ This readme is for go-toml v1. As for 2022-04-27,
+[go-toml v2](https://github.com/pelletier/go-toml/tree/v2) has been released.
+
+The new version contains tons of bug fixes, is much faster, and more
+importantly maintained. You are strongly encouraged to use it instead of v1!
+
+[👉 go-toml v2](https://github.com/pelletier/go-toml/tree/v2)
+
+v1 will not receive any updates.
+
+---
+
 This library supports TOML version
 [v1.0.0-rc.3](https://toml.io/en/v1.0.0-rc.3)

@@ -25,9 +38,9 @@ and [much faster][v2-bench]. If you only need reading and writing TOML documents
 (majority of cases), those features are implemented and the API unlikely to
 change.

-The remaining features (Document structure editing and tooling) will be added
-shortly. While pull-requests are welcome on v1, no active development is
-expected on it. When v2.0.0 is released, v1 will be deprecated.
+The remaining features will be added shortly. While pull-requests are welcome on
+v1, no active development is expected on it. When v2.0.0 is released, v1 will be
+deprecated.

 👉 [go-toml v2][v2]

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version    | Supported          |
+| ---------- | ------------------ |
+| Latest 2.x | :white_check_mark: |
+| All 1.x    | :x:                |
+| All 0.x    | :x:                |
+
+## Reporting a Vulnerability
+
+Email a vulnerability report to `security@pelletier.codes`. Make sure to include
+as many details as possible to reproduce the vulnerability. This is a
+side-project: I will try to get back to you as quickly as possible, time
+permitting in my personal life. Providing a working patch helps very much!
@@ -1113,7 +1113,7 @@ func (d *Decoder) valueFromToml(mtype reflect.Type, tval interface{}, mval1 *ref
 				return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v", tval, tval, mtype.String())
 			}

-			if val.Convert(reflect.TypeOf(int(1))).Int() < 0 {
+			if val.Type().Kind() != reflect.Uint64 && val.Convert(reflect.TypeOf(int(1))).Int() < 0 {
 				return reflect.ValueOf(nil), fmt.Errorf("%v(%T) is negative so does not fit in %v", tval, tval, mtype.String())
 			}
 			if reflect.Indirect(reflect.New(mtype)).OverflowUint(val.Convert(reflect.TypeOf(uint64(0))).Uint()) {
@@ -4119,3 +4119,13 @@ ErrorField = "foo"
 		t.Fatalf("error was expected")
 	}
 }
+
+func TestGithubIssue732(t *testing.T) {
+	var v interface{}
+	data := []byte("a=\nb=0")
+
+	err := Unmarshal(data, &v)
+	if err == nil {
+		t.Fatalf("error was expected")
+	}
+}
@@ -293,42 +293,41 @@ func (p *tomlParser) parseRvalue() interface{} {
 		return math.NaN()
 	case tokenInteger:
 		cleanedVal := cleanupNumberToken(tok.val)
-		var err error
-		var val int64
+		base := 10
+		s := cleanedVal
+		checkInvalidUnderscore := numberContainsInvalidUnderscore
 		if len(cleanedVal) >= 3 && cleanedVal[0] == '0' {
 			switch cleanedVal[1] {
 			case 'x':
-				err = hexNumberContainsInvalidUnderscore(tok.val)
-				if err != nil {
-					p.raiseError(tok, "%s", err)
-				}
-				val, err = strconv.ParseInt(cleanedVal[2:], 16, 64)
+				checkInvalidUnderscore = hexNumberContainsInvalidUnderscore
+				base = 16
 			case 'o':
-				err = numberContainsInvalidUnderscore(tok.val)
-				if err != nil {
-					p.raiseError(tok, "%s", err)
-				}
-				val, err = strconv.ParseInt(cleanedVal[2:], 8, 64)
+				base = 8
 			case 'b':
-				err = numberContainsInvalidUnderscore(tok.val)
-				if err != nil {
-					p.raiseError(tok, "%s", err)
-				}
-				val, err = strconv.ParseInt(cleanedVal[2:], 2, 64)
+				base = 2
 			default:
 				panic("invalid base") // the lexer should catch this first
 			}
-		} else {
-			err = numberContainsInvalidUnderscore(tok.val)
-			if err != nil {
-				p.raiseError(tok, "%s", err)
-			}
-			val, err = strconv.ParseInt(cleanedVal, 10, 64)
+			s = cleanedVal[2:]
 		}
+
+		err := checkInvalidUnderscore(tok.val)
 		if err != nil {
 			p.raiseError(tok, "%s", err)
 		}
-		return val
+
+		var val interface{}
+		val, err = strconv.ParseInt(s, base, 64)
+		if err == nil {
+			return val
+		}
+
+		if s[0] != '-' {
+			if val, err = strconv.ParseUint(s, base, 64); err == nil {
+				return val
+			}
+		}
+		p.raiseError(tok, "%s", err)
 	case tokenFloat:
 		err := numberContainsInvalidUnderscore(tok.val)
 		if err != nil {
@@ -1162,3 +1162,10 @@ str3 = """\
 		t.Errorf("expected '%s', got '%s'", expected, got)
 	}
 }
+
+func TestUint(t *testing.T) {
+	tree, err := Load("hello = 18446744073709551615")
+	assertTree(t, tree, err, map[string]interface{}{
+		"hello": uint64(math.MaxUint64),
+	})
+}
@@ -471,7 +471,7 @@ func LoadBytes(b []byte) (tree *Tree, err error) {
 			if _, ok := r.(runtime.Error); ok {
 				panic(r)
 			}
-			err = errors.New(r.(string))
+			err = fmt.Errorf("%s", r)
 		}
 	}()
Author	SHA1	Message	Date
Thomas Pelletier	5dc006fb52	Update readme to point to v2	2022-04-27 21:51:02 -04:00
Cameron Moore	fed1464066	Fix invalid type assertion in LoadBytes (#733 ) Fixes #732	2022-01-05 09:17:32 -05:00
Thomas Pelletier	1baee4630f	README: don't mention document editing in v2	2021-12-31 13:31:17 -05:00
Thomas Pelletier	352072d51a	Create SECURITY.md	2021-10-17 20:56:41 -04:00
Wendell Sun	c42c3365f3	Support unmarshaling up to uint64 (#608 )	2021-09-27 19:11:21 -04:00