[ https://issues.apache.org/jira/browse/HTTPCORE-441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCORE-441.
----------------------------------------
    Resolution: Won't Fix

> Integer overflow in EntityUtils.toByteArray
> -------------------------------------------
>
>                 Key: HTTPCORE-441
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-441
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore
>    Affects Versions: 4.3.3, 4.4.4, 5.0-alpha1
>            Reporter: Steven Enns
>            Priority: Minor
>
> EntityUtils.toByteArray copies bytes from InputStream to byte[].  Bytes from 
> the InputStream are appended to a ByteArrayBuffer in chunks of 4KB.  When the 
> buffer reaches capacity, ByteArrayBuffer::expand is called to increase 
> capacity by a factor of 2.  However, when the array size exceeds 1/2 of 
> Integer.MAX_VALUE (about 1.07GB), the doubled size overflows.  The overflowed 
> value is less than the newlen that was requested, so the buffer grows by just 
> 4KB to the exact size that was requested.  A subsequent resize and copy is 
> executed at every iteration of the loop in ByteArrayBuffer::append, every 
> remaining 4KB until the end of the InputStream.  Execution times increase 
> rapidly and may cause execution to hang indefinitely.
> See ByteArrayBuffer::expand for integer overflow:
>     private void expand(final int newlen) {
>         final byte newbuffer[] = new byte[Math.max(this.buffer.length << 1, newlen)];
>         System.arraycopy(this.buffer, 0, newbuffer, 0, this.len);
>         this.buffer = newbuffer;
>     }
> https://svn.apache.org/repos/asf/httpcomponents/httpcore/tags/4.4.6/httpcore/src/main/java/org/apache/http/util/ByteArrayBuffer.java
> https://svn.apache.org/repos/asf/httpcomponents/httpcore/tags/5.0-alpha2-RC2/httpcore5/src/main/java/org/apache/hc/core5/util/ByteArrayBuffer.java



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
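
The growth arithmetic described in the report, as an added example that is not part of the original message and is not HttpCore code: it models only the capacity calculation, so no large arrays are allocated, and counts how often `expand` would run and how many bytes it would copy. The class name, the `clampedGrowth` rule, the 4KB starting capacity and the 1.5 GiB input size are assumptions made for the illustration.

```java
// Added illustration, not HttpCore code: models the capacity arithmetic only.
public class ExpandOverflowDemo {

    static final int CHUNK = 4096; // 4KB append size described in the report

    interface Growth { int next(int capacity, int newlen); }

    // Growth rule quoted in the report: Math.max(buffer.length << 1, newlen).
    // Once capacity reaches 2^30, capacity << 1 wraps to Integer.MIN_VALUE.
    static int reportedGrowth(int capacity, int newlen) {
        return Math.max(capacity << 1, newlen);
    }

    // Hypothetical overflow-aware rule: double in long arithmetic, clamp to int range.
    static int clampedGrowth(int capacity, int newlen) {
        long doubled = (long) capacity << 1;
        return (int) Math.max(Math.min(doubled, Integer.MAX_VALUE), newlen);
    }

    // Returns { number of expand calls, total bytes the expand copies would move }.
    static long[] simulate(long totalBytes, Growth rule) {
        int capacity = CHUNK; // assumed starting capacity
        int len = 0;
        long expands = 0, copied = 0;
        while (len < totalBytes) {
            int newlen = len + CHUNK;
            if (newlen > capacity) {
                capacity = rule.next(capacity, newlen);
                expands++;
                copied += len; // expand copies the bytes already held
            }
            len = newlen;
        }
        return new long[] { expands, copied };
    }

    public static void main(String[] args) {
        long total = 3L << 29; // constructed input size: 1.5 GiB stream
        long[] a = simulate(total, ExpandOverflowDemo::reportedGrowth);
        long[] b = simulate(total, ExpandOverflowDemo::clampedGrowth);
        System.out.printf("reported rule: %d expands, %d bytes copied%n", a[0], a[1]);
        System.out.printf("clamped rule:  %d expands, %d bytes copied%n", b[0], b[1]);
    }
}
```

Under the reported rule every 4KB chunk past 2^30 bytes triggers another full-buffer copy, which is the quadratic slowdown the description attributes to the overflow.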
