Validate the full 8-byte end marker in zero-column RowsResponse decoding

The decoder's fast path for column_count == 0 checked only the first
byte of the end-of-rows sentinel (0xff for DONE, 0xee for PART) and
accepted any 7 trailing bytes. The non-zero-column path goes through
decode_row_header, which validates the full 8-byte DQLITE_RESPONSE_ROWS_DONE
/ _PART word, so a torn or corrupt marker like 0xff 0x00..0x00 was
silently accepted on the zero-column path while being rejected on the
normal path. A legitimate peer always emits the full sentinel; treating
a torn shape as valid desynchronises the stream and risks returning a
wrong has_more value on zero-column results.

Use the same full-word compare against _ROW_DONE_MARKER /
_ROW_PART_MARKER on both paths and drop the now-unused ROW_DONE_BYTE /
ROW_PART_BYTE imports. Regression tests cover both torn DONE and torn
PART shapes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: antoineleclair

src/dqlitewire/messages/responses.py

@@ -4,9 +4,7 @@
 from typing import Any, ClassVar
 
 from dqlitewire.constants import (
-    ROW_DONE_BYTE,
     ROW_DONE_MARKER,
-    ROW_PART_BYTE,
     ROW_PART_MARKER,
     WORD_SIZE,
     ResponseType,
@@ -15,6 +13,8 @@
 from dqlitewire.exceptions import DecodeError, EncodeError
 from dqlitewire.messages.base import Message
 from dqlitewire.tuples import (
+    _ROW_DONE_MARKER,
+    _ROW_PART_MARKER,
     RowMarker,
     decode_row_header,
     decode_row_values,
@@ -369,19 +369,23 @@ def decode_body(
 
         # Zero-column results cannot have row data (each row would be zero
         # bytes), so skip the row loop and consume the end marker directly.
+        # Validate the full 8-byte sentinel against DQLITE_RESPONSE_ROWS_DONE
+        # / _PART, matching the non-zero path (which goes through
+        # decode_row_header). A first-byte-only compare would silently accept
+        # torn markers like ``0xff 0x00..``.
         if column_count == 0:
             if offset + WORD_SIZE > len(view):
                 raise DecodeError(
                     "RowsResponse body exhausted without end marker (zero-column result)"
                 )
-            marker_byte = view[offset]
-            if marker_byte == ROW_DONE_BYTE:
+            marker = bytes(view[offset : offset + WORD_SIZE])
+            if marker == _ROW_DONE_MARKER:
                 has_more = False
-            elif marker_byte == ROW_PART_BYTE:
+            elif marker == _ROW_PART_MARKER:
                 has_more = True
             else:
                 raise DecodeError(
-                    f"Expected DONE or PART marker for zero-column result, got 0x{marker_byte:02x}"
+                    f"Expected DONE or PART marker for zero-column result, got 0x{marker.hex()}"
                 )
             return cls(
                 column_names=[],

tests/test_messages_responses.py

@@ -503,6 +503,25 @@ def test_zero_columns_missing_marker_raises(self) -> None:
         with pytest.raises(DecodeError, match="end marker"):
             RowsResponse.decode_body(data)
 
+    def test_zero_columns_rejects_torn_done_marker(self) -> None:
+        """Zero-column result with only the first byte of DONE must be
+        rejected — the non-zero-column path rejects the same torn shape
+        via decode_row_header, and both paths should be symmetric."""
+        from dqlitewire.types import encode_uint64
+
+        # column_count=0, followed by 0xff + 7 zero bytes (torn marker).
+        data = encode_uint64(0) + b"\xff" + b"\x00" * 7
+        with pytest.raises(DecodeError, match="marker"):
+            RowsResponse.decode_body(data)
+
+    def test_zero_columns_rejects_torn_part_marker(self) -> None:
+        """Zero-column result with only the first byte of PART must be rejected."""
+        from dqlitewire.types import encode_uint64
+
+        data = encode_uint64(0) + b"\xee" + b"\x00" * 7
+        with pytest.raises(DecodeError, match="marker"):
+            RowsResponse.decode_body(data)
+
     def test_decode_body_rejects_non_list_row_header(self) -> None:
         """decode_body must raise DecodeError if decode_row_header returns unexpected type."""
         from unittest.mock import patch