This is an automated email from the ASF dual-hosted git repository. thiru pushed a commit to branch AVRO-2220-handle-negative-lengths in repository https://gitbox.apache.org/repos/asf/avro.git
commit 355d51ba1e09ae73737160880ee2f07f953ceb6e Author: Thiruvalluvan M G <[email protected]> AuthorDate: Tue Oct 2 22:23:19 2018 +0530 Handled possible negative lengths in data in decoder --- lang/c++/impl/BinaryDecoder.cc | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/lang/c++/impl/BinaryDecoder.cc b/lang/c++/impl/BinaryDecoder.cc index af71eac..c0fa10c 100644 --- a/lang/c++/impl/BinaryDecoder.cc +++ b/lang/c++/impl/BinaryDecoder.cc @@ -58,6 +58,7 @@ class BinaryDecoder : public Decoder { int64_t doDecodeLong(); size_t doDecodeItemCount(); + size_t doDecodeLength(); void more(); }; @@ -115,9 +116,19 @@ double BinaryDecoder::decodeDouble() return result; } +size_t BinaryDecoder::doDecodeLength() +{ + ssize_t len = decodeInt(); + if (len < 0) { + throw Exception( + boost::format("Cannot have negative length: %1%") % len); + } + return len; +} + void BinaryDecoder::decodeString(std::string& value) { - size_t len = decodeInt(); + size_t len = doDecodeLength(); value.resize(len); if (len > 0) { in_.readBytes(reinterpret_cast<uint8_t*>(&value[0]), len); @@ -126,13 +137,13 @@ void BinaryDecoder::decodeString(std::string& value) void BinaryDecoder::skipString() { - size_t len = decodeInt(); + size_t len = doDecodeLength(); in_.skipBytes(len); } void BinaryDecoder::decodeBytes(std::vector<uint8_t>& value) { - size_t len = decodeInt(); + size_t len = doDecodeLength(); value.resize(len); if (len > 0) { in_.readBytes(&value[0], len); @@ -141,7 +152,7 @@ void BinaryDecoder::decodeBytes(std::vector<uint8_t>& value) void BinaryDecoder::skipBytes() { - size_t len = decodeInt(); + size_t len = doDecodeLength(); in_.skipBytes(len); }
