Change decodeTypeAndVal to return an error if the first octet is 0.
diff --git a/ndn-cpp/encoding/BinaryXMLDecoder.c b/ndn-cpp/encoding/BinaryXMLDecoder.c
index ad32909..f5e4928 100644
--- a/ndn-cpp/encoding/BinaryXMLDecoder.c
+++ b/ndn-cpp/encoding/BinaryXMLDecoder.c
@@ -28,6 +28,7 @@
char *ndn_BinaryXMLDecoder_decodeTypeAndValue(struct ndn_BinaryXMLDecoder *self, unsigned int *type, unsigned int *valueOut)
{
unsigned int value = 0;
+ int gotFirstOctet = 0;
while (1) {
if (self->offset >= self->inputLength)
@@ -35,6 +36,13 @@
unsigned int octet = unsafeReadOctet(self);
+ if (!gotFirstOctet) {
+ if (octet == 0)
+ return "ndn_BinaryXMLDecoder_decodeTypeAndVal: the first header octet may not be zero";
+
+ gotFirstOctet = 1;
+ }
+
if (octet & ndn_BinaryXML_TT_FINAL) {
// Finished.
*type = octet & ndn_BinaryXML_TT_MASK;
diff --git a/ndn-cpp/encoding/BinaryXMLDecoder.h b/ndn-cpp/encoding/BinaryXMLDecoder.h
index 7696541..0f3285b 100644
--- a/ndn-cpp/encoding/BinaryXMLDecoder.h
+++ b/ndn-cpp/encoding/BinaryXMLDecoder.h
@@ -26,11 +26,10 @@
/**
* Decode the header's type and value from self's input starting at offset. Update offset.
- * Even though the first byte should not be zero, this silently ignores initial zeros.
* @param self pointer to the ndn_BinaryXMLDecoder struct
* @param type output for the header type
* @param value output for the header value
- * @return 0 for success, else an error string for read past the end of the input
+ * @return 0 for success, else an error string for read past the end of the input or if the initial byte is zero
*/
char *ndn_BinaryXMLDecoder_decodeTypeAndValue(struct ndn_BinaryXMLDecoder *self, unsigned int *type, unsigned int *value);