refactor(pyth-sdk-solana): refactor attribute iterators

ali-behjati · ali-behjati · commit 71a378655bd2 · 2025-06-05T10:52:11.000+02:00
There are some assumptions outside this SDK on the product attributes
and the `size` field in particular that guarantee that the accesses
are safe. This commit refactors it to add extra levels of safety to
not rely on those assumptions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/pyth-sdk-solana/Cargo.toml b/pyth-sdk-solana/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "pyth-sdk-solana"
-version = "0.10.4"
+version = "0.10.5"
 authors = ["Pyth Data Foundation"]
 workspace = "../"
 edition = "2018"
diff --git a/pyth-sdk-solana/src/state.rs b/pyth-sdk-solana/src/state.rs
@@ -18,6 +18,7 @@ use pyth_sdk::{
 };
 use solana_program::clock::Clock;
 use solana_program::pubkey::Pubkey;
+use std::cmp::min;
 use std::mem::size_of;
 
 pub use pyth_sdk::{
@@ -192,7 +193,10 @@ pub struct ProductAccount {
 impl ProductAccount {
     pub fn iter(&self) -> AttributeIter {
         AttributeIter {
-            attrs: &self.attr[..(self.size as usize - PROD_HDR_SIZE)],
+            attrs: &self.attr[..min(
+                (self.size as usize).saturating_sub(PROD_HDR_SIZE),
+                PROD_ATTR_SIZE,
+            )],
         }
     }
 }
@@ -321,7 +325,8 @@ where
     /// space for future derived values
     pub drv2:           u8,
     /// space for future derived values
-    pub drv3:           u16,
+    pub drv31:          u8,
+    pub drv32:          u8,
     /// space for future derived values
     pub drv4:           u32,
     /// product account key
@@ -366,7 +371,8 @@ where
             timestamp:      Default::default(),
             min_pub:        Default::default(),
             drv2:           Default::default(),
-            drv3:           Default::default(),
+            drv31:          Default::default(),
+            drv32:          Default::default(),
             drv4:           Default::default(),
             prod:           Default::default(),
             next:           Default::default(),
@@ -574,21 +580,21 @@ impl<'a> Iterator for AttributeIter<'a> {
         if self.attrs.is_empty() {
             return None;
         }
-        let (key, data) = get_attr_str(self.attrs);
-        let (val, data) = get_attr_str(data);
+        let (key, data) = get_attr_str(self.attrs)?;
+        let (val, data) = get_attr_str(data)?;
         self.attrs = data;
         Some((key, val))
     }
 }
 
-fn get_attr_str(buf: &[u8]) -> (&str, &[u8]) {
+fn get_attr_str(buf: &[u8]) -> Option<(&str, &[u8])> {
     if buf.is_empty() {
-        return ("", &[]);
+        return Some(("", &[]));
     }
     let len = buf[0] as usize;
-    let str = std::str::from_utf8(&buf[1..len + 1]).expect("attr should be ascii or utf-8");
-    let remaining_buf = &buf[len + 1..];
-    (str, remaining_buf)
+    let str = std::str::from_utf8(&buf[1..len + 1]).ok()?;
+    let remaining_buf = &buf.get(len + 1..)?;
+    Some((str, remaining_buf))
 }
 
 #[cfg(test)]
