This is an automated email from the ASF dual-hosted git repository.

swebb2066 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git


The following commit(s) were added to refs/heads/master by this push:
     new 7902fdce Invalid ByteBuffer state that can lead to incorrect 
read/write sizes (#622)
7902fdce is described below

commit 7902fdce08f2cfef70ef1b759c2e1bf047c68318
Author: jmestwa-coder <[email protected]>
AuthorDate: Sun Apr 5 12:48:42 2026 +0530

    Invalid ByteBuffer state that can lead to incorrect read/write sizes (#622)
---
 src/main/cpp/bytearrayoutputstream.cpp | 13 ++++++++++---
 src/main/cpp/bytebuffer.cpp            |  5 +++++
 src/main/cpp/inputstreamreader.cpp     | 12 ++++++++++--
 src/main/cpp/socketoutputstream.cpp    | 14 +++++++++++---
 4 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/src/main/cpp/bytearrayoutputstream.cpp 
b/src/main/cpp/bytearrayoutputstream.cpp
index 8df3c2e6..cfd45433 100644
--- a/src/main/cpp/bytearrayoutputstream.cpp
+++ b/src/main/cpp/bytearrayoutputstream.cpp
@@ -49,9 +49,16 @@ void ByteArrayOutputStream::flush(Pool& /* p */)
 
 void ByteArrayOutputStream::write(ByteBuffer& buf, Pool& /* p */ )
 {
-       size_t sz = m_priv->array.size();
-       m_priv->array.resize(sz + buf.remaining());
-       memcpy(&m_priv->array[sz], buf.current(), buf.remaining());
+       const size_t count = buf.remaining();
+       const size_t sz = m_priv->array.size();
+
+       if (count > m_priv->array.max_size() - sz)
+       {
+               throw 
IllegalArgumentException(LOG4CXX_STR("ByteArrayOutputStream::write overflow"));
+       }
+
+       m_priv->array.resize(sz + count);
+       memcpy(&m_priv->array[sz], buf.current(), count);
        buf.position(buf.limit());
 }
 
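Review bot: `&m_priv->array[sz]` is still evaluated when `count` is zero, and in that case `sz` equals the size after `resize`, so the subscript is one past the end (or into an empty array). SocketOutputStream::write in this same commit wraps the identical code in `if (buf.remaining() > 0)`; this function should do the same, for example `if (count == 0) return;` right after `count` is computed, which is safe because the position already equals the limit then. Assuming `array` is a std::vector (its declaration is outside the hunk), hardened standard-library builds abort on that subscript even though memcpy would copy nothing. This section also adds no include for IllegalArgumentException, unlike the socketoutputstream.cpp section, so confirm the existing includes already provide it.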
diff --git a/src/main/cpp/bytebuffer.cpp b/src/main/cpp/bytebuffer.cpp
index cdd6af0c..c78ea8e2 100644
--- a/src/main/cpp/bytebuffer.cpp
+++ b/src/main/cpp/bytebuffer.cpp
@@ -74,6 +74,11 @@ void ByteBuffer::limit(size_t newLimit)
        }
 
        m_priv->lim = newLimit;
+
+       if (m_priv->pos > m_priv->lim)
+       {
+               m_priv->pos = m_priv->lim;
+       }
 }
 
 
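Review bot: The new clamp at the end of `ByteBuffer::limit` silently moves the position, and nothing in the hunk tells a caller that. A comment above the check would record the invariant, for example `// Invariant: pos <= lim. Shrinking the limit below the position pulls the position back so lim - pos cannot wrap.` The header documentation for `limit(size_t)` should say the same, since code that lowers the limit will now see `position()` change. The function starts outside this hunk, so how the earlier branch validates `newLimit` cannot be confirmed from here.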
diff --git a/src/main/cpp/inputstreamreader.cpp 
b/src/main/cpp/inputstreamreader.cpp
index 9b3b0d86..43885c3d 100644
--- a/src/main/cpp/inputstreamreader.cpp
+++ b/src/main/cpp/inputstreamreader.cpp
@@ -91,8 +91,16 @@ LogString InputStreamReader::read(Pool& p)
 
                if (buf.remaining() > 0)
                {
-                       memmove(buf.data(), buf.current(), buf.remaining());
-                       buf.limit(buf.remaining());
+                       const size_t carry = buf.remaining();
+
+                       if (carry == BUFSIZE)
+                       {
+                               throw IOException(LOG4CXX_STR("Decoder made no 
progress"));
+                       }
+
+                       memmove(buf.data(), buf.current(), carry);
+                       buf.clear();
+                       buf.position(carry);
                }
                else
                {
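Review bot: The `carry == BUFSIZE` test detects a stalled decoder only if BUFSIZE is exactly the capacity of `buf`, and both are declared outside this hunk, so the link between them should be confirmed and written down. A comment above the check would do it, for example `// buf is full of bytes the decoder would not consume; there is no room to read more, so fail instead of looping`. The message "Decoder made no progress" gives whoever triages the exception little to go on; naming the likely cause (malformed or truncated multi-byte input) would help. A regression test that feeds a full buffer of undecodable bytes, and one that carries a partial sequence across two reads, would pin both paths. The body of `read` continues past the end of the hunk.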
diff --git a/src/main/cpp/socketoutputstream.cpp 
b/src/main/cpp/socketoutputstream.cpp
index 4931d6ae..3ddc78ec 100644
--- a/src/main/cpp/socketoutputstream.cpp
+++ b/src/main/cpp/socketoutputstream.cpp
@@ -19,6 +19,7 @@
 #include <log4cxx/helpers/socketoutputstream.h>
 #include <log4cxx/helpers/socket.h>
 #include <log4cxx/helpers/bytebuffer.h>
+#include <log4cxx/helpers/exception.h>
 
 #include <cstdio>
 #include <cstring>
@@ -64,9 +65,16 @@ void SocketOutputStream::write(ByteBuffer& buf, Pool& /* p 
*/ )
 {
        if (buf.remaining() > 0)
        {
-               size_t sz = m_priv->array.size();
-               m_priv->array.resize(sz + buf.remaining());
-               memcpy(&m_priv->array[sz], buf.current(), buf.remaining());
+               const size_t count = buf.remaining();
+               const size_t sz = m_priv->array.size();
+
+               if (count > m_priv->array.max_size() - sz)
+               {
+                       throw 
IllegalArgumentException(LOG4CXX_STR("SocketOutputStream::write overflow"));
+               }
+
+               m_priv->array.resize(sz + count);
+               memcpy(&m_priv->array[sz], buf.current(), count);
                buf.position(buf.limit());
        }
 }
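Review bot: The `max_size()` guard only prevents `sz + count` from wrapping; it does not bound how much unsent data `array` can accumulate, and on any real system `resize` will fail on allocation long before `max_size()` is reached. If the goal includes keeping a slow or stalled peer from growing this buffer without limit, that needs an explicit cap checked here. Where the array is drained is outside this hunk, so confirm that against the flush path. `buf.remaining()` is also read twice, once in the outer `if` and once for `count`; computing `count` first and testing `if (count > 0)` keeps a single source for the size. The same guard appears in ByteArrayOutputStream::write.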
