Description
Summary
The Postgres JSONB decoder panics on untrusted database input instead of returning an error, violating the Decode trait contract.
Location
sqlx-postgres/src/types/json.rs lines 88-92
Bug Description
The JSONB decoder uses assert_eq! to validate the JSONB format version byte:

    assert_eq!(
        buf[0], 1,
        "unsupported JSONB format version {}; please open an issue",
        buf[0]
    );

This causes a panic when the version byte is not 1, instead of returning an error as required by the Decode trait.
How to Reproduce
Any JSONB value with a version byte other than 0x01 will trigger this panic:
- Database corruption
- Malformed data from SQL injection
- Future PostgreSQL versions (if they change JSONB format)
Impact
Severity: High - This is an API contract violation with security implications:
- Application crash: The Decode trait returns Result<T, Error>, but this code panics instead, bypassing error handling
- Denial of Service: Attacker with database write access (or via SQL injection) can crash the application
- No graceful degradation: Applications cannot catch or handle this error
Expected Behavior
The decoder should return an Err() to allow the application to handle the error gracefully, as specified by the Decode trait contract.
Discovered By
Found through fuzzing with libFuzzer/cargo-fuzz as part of security testing.
Fix
I have a fix ready that replaces the assertion with proper error handling. Opening a PR shortly.
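
The following is an added, self-contained sketch of the pattern the issue asks for; it is not code from the sqlx repository or from the reporter's fix. All names (`JsonbError`, `strip_version_asserting`, `strip_version_checked`, `asserting_variant_panics`) are hypothetical, the sample inputs are constructed, and the empty-buffer case goes beyond what the issue reports.

```rust
use std::{fmt, panic};

/// Hypothetical error type; a real Decode impl would return its own boxed error.
#[derive(Debug, PartialEq)]
pub enum JsonbError {
    Empty,
    UnsupportedVersion(u8),
}

impl fmt::Display for JsonbError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            JsonbError::Empty => write!(f, "empty JSONB value"),
            JsonbError::UnsupportedVersion(v) => {
                write!(f, "unsupported JSONB format version {}", v)
            }
        }
    }
}

impl std::error::Error for JsonbError {}

/// "Before": same assertion pattern as the issue, so a bad version byte panics.
pub fn strip_version_asserting(buf: &[u8]) -> &[u8] {
    assert_eq!(buf[0], 1, "unsupported JSONB format version {}", buf[0]);
    &buf[1..]
}

/// "After": every malformed input, including an empty buffer, becomes an Err.
pub fn strip_version_checked(buf: &[u8]) -> Result<&[u8], JsonbError> {
    match buf.split_first() {
        None => Err(JsonbError::Empty),
        Some((&1, payload)) => Ok(payload),
        Some((&v, _)) => Err(JsonbError::UnsupportedVersion(v)),
    }
}

/// True if the asserting variant panics on `buf` (caught here for demonstration).
pub fn asserting_variant_panics(buf: &[u8]) -> bool {
    panic::catch_unwind(|| strip_version_asserting(buf).len()).is_err()
}

fn main() {
    // Constructed sample inputs: valid v1, unknown version byte, empty buffer.
    let samples: [&[u8]; 3] = [b"\x01{\"a\":1}", b"\x02{\"a\":1}", b""];
    for s in samples {
        println!("checked={:?} old_panics={}", strip_version_checked(s), asserting_variant_panics(s));
    }
}
```

A regression test or fuzz target for a decoder like this only needs to assert that no input panics and that non-`0x01` version bytes map to `Err`.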