Ismaël Mejía created AVRO-4298:
----------------------------------

             Summary: [php] Validate available bytes before allocating for 
length-prefixed values
                 Key: AVRO-4298
                 URL: https://issues.apache.org/jira/browse/AVRO-4298
             Project: Apache Avro
          Issue Type: Sub-task
          Components: php
    Affects Versions: 1.12.1, 1.11.5
            Reporter: Ismaël Mejía
             Fix For: 1.11.6, 1.12.2, 1.13.0


A bytes or string value is encoded as a length prefix followed by that many 
bytes of data. A malicious or truncated input can declare a very large length 
while carrying little or no actual data, causing a large buffer to be allocated 
before the shortfall is noticed. When the source can report how many bytes 
remain, reject a declared length that exceeds the bytes actually available 
before allocating for it. Companion to AVRO-4241 (Java).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to