Uploaded image for project: 'Apache Avro'
  1. Apache Avro
  2. AVRO-3049

Java: BinaryDecoder lacks checks on bytes array length

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.11.0, 1.10.2
    • java
    • None

    Description

      There are several checks on string length in BinaryDecoder. However, it lacks the same checks for byte arrays.

      • Negative lengths lead to IllegalArgumentException instead of org.apache.avro.AvroRuntimeException
      • Pathologically large (however legal) arrays can be allocated. Some applications will be suffer denial of service if they are forced to allocate 1 GB arrays repeatedly.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. AVRO-2179 Malformed data, the BinaryDecoder allocates large arrays

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              jkarp John Karp
              jkarp John Karp
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: