pub fn validate<R: Read>(reader: R) -> Result<(), Error>Expand description
Checks that the input contains exactly one well-formed CBOR item.
The input is walked structurally without building any values: no heap
memory is allocated. String bodies are skipped through a fixed-size
stack buffer and nesting is bounded by DEFAULT_RECURSION_LIMIT, so
adversarial input can neither exhaust memory nor the stack.
Beyond well-formedness (RFC 8949 ยง5.3.1) this verifies that text strings are valid UTF-8 (every segment of an indefinite-length text string on its own, as the RFC requires). Unassigned simple values are accepted: they are well-formed, even though the serde interface has no representation for them.
Trailing data after the item is an error; to handle a CBOR sequence (RFC 8742), validate items one at a time from the shared reader.
assert!(cbor2::validate(&b"\x83\x01\x02\x03"[..]).is_ok()); // [1, 2, 3]
assert!(cbor2::validate(&b"\x83\x01\x02"[..]).is_err()); // truncated
assert!(cbor2::validate(&b"\x62\xff\xfe"[..]).is_err()); // invalid UTF-8