fix: StmtResponse rejects short body when schema=1 claimed

Decode previously accepted schema=1 bodies as short as 16 bytes,
silently producing tail_offset=None — indistinguishable from a
correct V0 body. A peer sending schema=1 but omitting tail_offset
would look identical to one sending schema=0. Require 24 bytes when
schema>=1 and 16 bytes when schema=0; raise DecodeError otherwise.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: antoineleclair

src/dqlitewire/messages/responses.py

@@ -179,12 +179,15 @@ def encode_body(self) -> bytes:
 
     @classmethod
     def decode_body(cls, data: bytes, schema: int = 0) -> "StmtResponse":
+        expected = 24 if schema >= 1 else 16
+        if len(data) < expected:
+            raise DecodeError(
+                f"StmtResponse schema={schema} requires at least {expected} bytes, got {len(data)}"
+            )
         db_id = decode_uint32(data)
         stmt_id = decode_uint32(data[4:])
         num_params = decode_uint64(data[8:])
-        tail_offset: int | None = None
-        if schema >= 1 and len(data) >= 24:
-            tail_offset = decode_uint64(data[16:])
+        tail_offset = decode_uint64(data[16:]) if schema >= 1 else None
         return cls(db_id, stmt_id, num_params, tail_offset)
 
 

tests/test_messages_responses.py

@@ -3,7 +3,7 @@
 import pytest
 
 from dqlitewire.constants import HEADER_SIZE, ResponseType, ValueType
-from dqlitewire.exceptions import EncodeError
+from dqlitewire.exceptions import DecodeError, EncodeError
 from dqlitewire.messages.base import Header
 from dqlitewire.messages.responses import (
     DbResponse,
@@ -134,6 +134,23 @@ def test_v0_has_no_tail_offset(self) -> None:
         decoded = StmtResponse.decode_body(encoded[HEADER_SIZE:])
         assert decoded.tail_offset is None
 
+    def test_schema_0_rejects_short_body(self) -> None:
+        """235: Schema=0 body must be at least 16 bytes."""
+        with pytest.raises(DecodeError, match="requires at least 16 bytes"):
+            StmtResponse.decode_body(b"\x00" * 8, schema=0)
+
+    def test_schema_1_rejects_v0_length_body(self) -> None:
+        """235: Schema=1 demands 24 bytes.
+
+        A 16-byte body under schema=1 was previously accepted silently and
+        returned ``tail_offset=None``, indistinguishable from a real V0
+        body. That collapsed two different protocol states into one.
+        """
+        v0_body = b"\x01\x00\x00\x00" + b"\x02\x00\x00\x00" + b"\x03" + b"\x00" * 7
+        assert len(v0_body) == 16
+        with pytest.raises(DecodeError, match="requires at least 24 bytes"):
+            StmtResponse.decode_body(v0_body, schema=1)
+
 
 class TestResultResponse:
     def test_roundtrip(self) -> None: