test: comprehensive coverage for indefinite-length CBOR map support (#23)

src/CborDecode.sol

@@ -110,6 +110,16 @@ library CborDecode {
             return LibCborElement.toCborElement(_type | ai, ix + 1, 0);
         }
         require(_type == expectedType, "unexpected type");
+        if (ai == 31) {
+            // Indefinite-length encoding is only defined for maps (0xBF) and
+            // arrays (0x9F) per RFC 8949.  Other major types with ai=31 (e.g.
+            // 0x5F, 0x7F, 0x1F) are reserved or chunked encodings that this
+            // decoder does not support.  Downstream validation in
+            // validateAttestation() would also catch these cases, but rejecting
+            // here gives an immediate, unambiguous revert.
+            require(_type == 0xa0 || _type == 0x80, "indefinite-length only for maps/arrays");
+            return LibCborElement.toCborElement(_type, ix + 1, 0);
+        }
         require(ai < 28, "unsupported type");
         if (ai == 24) {
             return LibCborElement.toCborElement(_type, ix + 2, uint8(cbor[ix + 1]));

src/NitroValidator.sol

@@ -153,6 +153,8 @@ contract NitroValidator {
         Ptrs memory ptrs;
         uint256 end = payload.end();
         while (current.end() < end) {
+            // Break marker (0xFF) terminates indefinite-length maps
+            if (uint8(attestationTbs[current.end()]) == 0xff) break;
             current = attestationTbs.nextTextString(current);
             bytes32 keyHash = attestationTbs.keccak(current);
             if (keyHash == MODULE_ID_KEY) {