Posted to commits@commons.apache.org by ah...@apache.org on 2020/06/30 14:16:47 UTC
[commons-codec] 11/18: Address out-of-bounds for array size with
int wrap-around
This is an automated email from the ASF dual-hosted git repository.
aherbert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-codec.git
commit 4024b4039a886ca1de2325ce04638c8e4ee340a5
Author: Adam Retter <ad...@googlemail.com>
AuthorDate: Wed Jun 24 13:15:24 2020 +0200
Address out-of-bounds for array size with int wrap-around
---
src/main/java/org/apache/commons/codec/binary/Base16.java | 7 ++++++-
src/test/java/org/apache/commons/codec/binary/Base16Test.java | 7 +++++++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/commons/codec/binary/Base16.java b/src/main/java/org/apache/commons/codec/binary/Base16.java
index 86ba2cf..886b5cd 100644
--- a/src/main/java/org/apache/commons/codec/binary/Base16.java
+++ b/src/main/java/org/apache/commons/codec/binary/Base16.java
@@ -220,7 +220,12 @@ public class Base16 extends BaseNCodec {
return;
}
- final byte[] buffer = ensureBufferSize(length * BYTES_PER_ENCODED_BLOCK, context);
+ final int size = length * BYTES_PER_ENCODED_BLOCK;
+ if (size < 0) {
+ throw new IllegalArgumentException("Input length exceeds maximum size for encoded data: " + length);
+ }
+
+ final byte[] buffer = ensureBufferSize(size, context);
final int end = offset + length;
for (int i = offset; i < end; i++) {
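Review bot: The `size < 0` test catches the wrap-around only if `BYTES_PER_ENCODED_BLOCK` is 2 (its value is not visible in this hunk); with a larger multiplier a wrapped product can come out positive and an undersized buffer would be requested. Checking before the multiplication keeps the guard independent of the constant: `if (length > Integer.MAX_VALUE / BYTES_PER_ENCODED_BLOCK) {` followed by the same `throw`. The context line `final int end = offset + length;` can wrap in the same way and is not covered by the new check, and nothing in the visible lines compares `offset + length` with the input array's length. The method starts and ends outside the hunk, so the earlier `return` may already deal with a negative `length`; if so, a comment saying that above the new check would make the reasoning explicit.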
diff --git a/src/test/java/org/apache/commons/codec/binary/Base16Test.java b/src/test/java/org/apache/commons/codec/binary/Base16Test.java
index 0c06553..35e4054 100644
--- a/src/test/java/org/apache/commons/codec/binary/Base16Test.java
+++ b/src/test/java/org/apache/commons/codec/binary/Base16Test.java
@@ -483,6 +483,7 @@ public class Base16Test {
*
* @see <a href="https://issues.apache.org/jira/projects/CODEC/issues/CODEC-265">CODEC-265</a>
*/
+ @Test
public void testCodec265_over() {
// almost 1GiB file to encode: 2^29 bytes
final int size1GiB = 1 << 29;
@@ -510,6 +511,12 @@ public class Base16Test {
assertEquals(expectedLength, encoded.length);
}
+ @Test(expected = IllegalArgumentException.class)
+ public void checkEncodeLengthBounds() {
+ final Base16 base16 = new Base16();
+ base16.encode(new byte[10], 0, 1 << 30);
+ }
+
@Test
public void testIsInAlphabet() {
// invalid bounds
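Review bot: `checkEncodeLengthBounds` exercises a single length, `1 << 30`, and from the visible lines it appears to pass only because the size check in `Base16` runs before the 10-byte input array is indexed. Adding the other extreme, for example a second test calling `base16.encode(new byte[10], 0, Integer.MAX_VALUE);`, would pin both ends of the rejected range. The name also departs from the `test…` prefix of the neighbouring methods (`testCodec265_over`, `testIsInAlphabet`); `testEncodeLengthBounds` would match. A one-line comment above the call, such as `// smallest length whose doubled size wraps negative (assuming two encoded bytes per input byte)`, would explain why this value was chosen.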