Posted to commits@cxf.apache.org by co...@apache.org on 2022/02/03 11:15:58 UTC
[cxf] 02/02: Use Math.exact to add two ints that might come from user data
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit e607d5c197aaa07ae213aa129e7bc09003c8804c
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Feb 3 11:14:39 2022 +0000
Use Math.exact to add two ints that might come from user data
(cherry picked from commit daeafbf9f0817e5b7448c6f9ca930a29ed50bc1e)
---
.../main/java/org/apache/cxf/attachment/Base64DecoderStream.java | 2 +-
.../java/org/apache/cxf/attachment/MimeBodyPartInputStream.java | 6 +++---
.../main/java/org/apache/cxf/common/util/Base64OutputStream.java | 2 +-
core/src/main/java/org/apache/cxf/common/util/Base64Utility.java | 2 +-
core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java | 3 ++-
core/src/main/java/org/apache/cxf/io/ReaderInputStream.java | 2 +-
.../java/org/apache/cxf/transport/websocket/WebSocketUtils.java | 2 +-
7 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/attachment/Base64DecoderStream.java b/core/src/main/java/org/apache/cxf/attachment/Base64DecoderStream.java
index 134553f..45d6529 100644
--- a/core/src/main/java/org/apache/cxf/attachment/Base64DecoderStream.java
+++ b/core/src/main/java/org/apache/cxf/attachment/Base64DecoderStream.java
@@ -191,6 +191,6 @@ public class Base64DecoderStream extends FilterInputStream {
@Override
public int available() throws IOException {
- return ((in.available() / 4) * 3) + decodedCount;
+ return Math.addExact((in.available() / 4) * 3, decodedCount);
}
}
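Review bot: `available()` can now throw an unchecked ArithmeticException, which callers of a method documented as returning an estimate and declared `throws IOException` have no reason to expect. Only the final addition can overflow, because `(in.available() / 4) * 3` cannot exceed the range of `in.available()`, so saturating is enough: `return (int) Math.min(Integer.MAX_VALUE, (long) (in.available() / 4) * 3 + decodedCount);`. If failing loudly is the intent, a short comment on the method saying so would help the next reader.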
diff --git a/core/src/main/java/org/apache/cxf/attachment/MimeBodyPartInputStream.java b/core/src/main/java/org/apache/cxf/attachment/MimeBodyPartInputStream.java
index ab80b89..bdabf05 100644
--- a/core/src/main/java/org/apache/cxf/attachment/MimeBodyPartInputStream.java
+++ b/core/src/main/java/org/apache/cxf/attachment/MimeBodyPartInputStream.java
@@ -60,11 +60,11 @@ public class MimeBodyPartInputStream extends InputStream {
return 0;
}
boolean bufferCreated = false;
- if (len < boundary.length * 2) {
+ if (len < Math.addExact(boundary.length, boundary.length)) {
//buffer is too short to detect boundaries with it. We'll need to create a larger buffer
bufferCreated = true;
if (boundaryBuffer == null) {
- boundaryBuffer = new byte[boundary.length * 2];
+ boundaryBuffer = new byte[Math.addExact(boundary.length, boundary.length)];
}
b = boundaryBuffer;
off = 0;
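Review bot: The doubled boundary length is written out as `Math.addExact(boundary.length, boundary.length)` in three places, twice in this hunk and again in the `while` condition of the next hunk, where it is re-evaluated on every iteration. A single local near the top of the method, `final int minLen = Math.multiplyExact(boundary.length, 2);`, would state the intent once and keep the three uses in agreement. The enclosing method starts before and ends after the visible lines, so where the local goes has to be checked against the full file.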
@@ -75,7 +75,7 @@ public class MimeBodyPartInputStream extends InputStream {
}
int read = 0;
int idx = 0;
- while (read >= 0 && idx < len && idx < (boundary.length * 2)) {
+ while (read >= 0 && idx < len && idx < Math.addExact(boundary.length, boundary.length)) {
//make sure we read enough to detect the boundary
read = inStream.read(b, off + idx, len - idx);
if (read != -1) {
diff --git a/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java b/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
index e21c2fa..cddab83 100644
--- a/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
+++ b/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
@@ -82,7 +82,7 @@ public class Base64OutputStream extends FilterOutputStream {
return buf;
}
private byte[] newArray(byte[] src, int srcPos, int srcLen, byte[] src2, int srcPos2, int srcLen2) {
- byte[] buf = new byte[srcLen + srcLen2];
+ byte[] buf = new byte[Math.addExact(srcLen, srcLen2)];
System.arraycopy(src, srcPos, buf, 0, srcLen);
System.arraycopy(src2, srcPos2, buf, srcLen, srcLen2);
return buf;
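Review bot: `newArray` has no comment, and after this change its failure mode is no longer obvious from the signature. A one-line comment such as `// Concatenates src[srcPos..srcPos+srcLen) and src2[srcPos2..srcPos2+srcLen2); throws ArithmeticException if srcLen + srcLen2 overflows int.` would record it. Negative lengths are not covered by `addExact`; as far as this hunk shows they are left to the array allocation or `System.arraycopy` to reject. The method's closing brace is outside the hunk.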
diff --git a/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java b/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
index 9a12b2b..2be3d3e 100644
--- a/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
+++ b/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
@@ -161,7 +161,7 @@ public final class Base64Utility {
byte[] ob = new byte[octetCount];
int obcount = 0;
- for (int i = o; i < o + l && i < id.length; i++) {
+ for (int i = o; i < Math.addExact(o, l) && i < id.length; i++) {
if (id[i] == PAD
|| id[i] < BDT.length
&& BDT[id[i]] != Byte.MAX_VALUE) {
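Review bot: `Math.addExact(o, l)` sits in the loop condition, so the overflow check is repeated on every iteration although neither `o` nor `l` changes in the visible part of the loop. Hoisting it performs the check once and reads more clearly: `final int end = Math.addExact(o, l);` followed by `for (int i = o; i < end && i < id.length; i++) {`. The loop body continues outside the hunk, so confirm that neither variable is reassigned there before hoisting.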
diff --git a/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java b/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
index d07a51e..ea4ce34 100644
--- a/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
@@ -70,7 +70,8 @@ public final class CompressionUtils {
compresser.setInput(tokenBytes);
compresser.finish();
- byte[] output = new byte[tokenBytes.length * 2];
+ int tokenBytesLength = tokenBytes.length;
+ byte[] output = new byte[Math.addExact(tokenBytesLength, tokenBytesLength)];
int compressedDataLength = compresser.deflate(output);
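Review bot: The single `compresser.deflate(output)` call assumes the compressed form always fits in twice the input length, which does not hold for very short inputs, where the deflate framing alone can exceed `2 * tokenBytes.length`; a zero-length input yields a zero-length buffer. Unless the code after this hunk checks `compresser.finished()`, the result would be silently truncated in those cases. Draining the deflater in a loop removes both the sizing guess and the need for overflow-checked arithmetic. The lines after the hunk that read `output` and `compressedDataLength` would have to switch to the collected bytes, and the method starts and ends outside the hunk.

```java
compresser.finish();
ByteArrayOutputStream compressed = new ByteArrayOutputStream();
byte[] chunk = new byte[4096];
while (!compresser.finished()) {
    int n = compresser.deflate(chunk);
    compressed.write(chunk, 0, n);
}
// … the copy that follows the hunk would read compressed.toByteArray() …
```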
diff --git a/core/src/main/java/org/apache/cxf/io/ReaderInputStream.java b/core/src/main/java/org/apache/cxf/io/ReaderInputStream.java
index e95ed88..6f669b7 100644
--- a/core/src/main/java/org/apache/cxf/io/ReaderInputStream.java
+++ b/core/src/main/java/org/apache/cxf/io/ReaderInputStream.java
@@ -223,7 +223,7 @@ public class ReaderInputStream extends InputStream {
if (b == null) {
throw new NullPointerException("Byte array must not be null");
}
- if (len < 0 || off < 0 || (off + len) > b.length) {
+ if (len < 0 || off < 0 || Math.addExact(off, len) > b.length) {
throw new IndexOutOfBoundsException("Array Size=" + b.length
+ ", offset=" + off + ", length=" + len);
}
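Review bot: An overflowing `off + len` now raises ArithmeticException, whereas `InputStream.read(byte[], int, int)` documents IndexOutOfBoundsException for bad offsets, so the error type depends on how large the arguments are. Because `len` and `off` are already known to be non-negative by the time the third test runs, the comparison can be written without any addition: `if (len < 0 || off < 0 || len > b.length - off) {`. That keeps the existing exception and message for every invalid combination. The method continues outside the hunk.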
diff --git a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/WebSocketUtils.java b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/WebSocketUtils.java
index 85ce616..ef74593 100644
--- a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/WebSocketUtils.java
+++ b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/WebSocketUtils.java
@@ -169,7 +169,7 @@ public final class WebSocketUtils {
*/
public static byte[] buildResponse(byte[] headers, byte[] data, int offset, int length) {
final int hlen = headers != null ? headers.length : 0;
- byte[] longdata = new byte[length + 2 + hlen];
+ byte[] longdata = new byte[Math.addExact(length, hlen) + 2];
if (hlen > 0) {
System.arraycopy(headers, 0, longdata, 0, hlen);
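Review bot: The trailing `+ 2` is still plain int arithmetic, so when `length + hlen` is within two of `Integer.MAX_VALUE` the size wraps negative and the allocation fails with NegativeArraySizeException instead of the intended ArithmeticException. Checking the whole expression closes that gap: `byte[] longdata = new byte[Math.addExact(Math.addExact(length, hlen), 2)];`. The visible lines also show no check of `offset` and `length` against `data.length`; whether one exists further down cannot be seen, since the method body continues past the hunk.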