How to verify untrusted buffers are valid schunks?

[milesgranger]

When exporting a schunk via blosc2_schunk_to_buffer, one can reconstruct withblosc2_schunk_from_buffer. However, if one attempts to call the latter with an invalid buffer it succeeds and then segfaults when calling subsequent blosc2 functions, like blosc2_schunk_avoid_cframe_free in my case.

Is there a way (perhaps I've missed) to verify it's a valid buffer beforehand? I've naively attempted blosc2_cbuffer_sizes to check if that returns an error, however it seems that's only meant for chunks, not schunks.

[FrancescAlted]

I don't think we currently have an API to test a valid schunk buffer beforehand.

A possible solution is to check for the 'b2frame' string in the schunk header. But this can be unsafe, and this is why we have added some space for storing a fingerprint in the schunk trailer. Unfortunately we have not implemented neither the fingerprint calculation (and hence, there is no check for it yet).