(tomcat) branch 10.1.x updated: Improve handling of overflow

Sun, 07 Apr 2024 14:18:16 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new cb0fc93f1e Improve handling of overflow
cb0fc93f1e is described below

commit cb0fc93f1e077905ef8487aa7f54eab36346fe0e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Sun Apr 7 22:01:20 2024 +0200

    Improve handling of overflow
---
 java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java | 3 ++-
 webapps/docs/changelog.xml                                         | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java 
b/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java
index dfdca9d426..e35c1ea237 100644
--- a/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java
+++ b/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java
@@ -289,6 +289,7 @@ public class DiskFileItem
      * or {@code null} if the data cannot be read
      *
      * @throws UncheckedIOException if an I/O error occurs
+     * @throws ArithmeticException if the file {@code size} overflows an int
      */
     @Override
     public byte[] get() throws UncheckedIOException {
@@ -299,7 +300,7 @@ public class DiskFileItem
             return cachedContent != null ? cachedContent.clone() : new byte[0];
         }
 
-        final byte[] fileData = new byte[(int) getSize()];
+        final byte[] fileData = new byte[Math.toIntExact(getSize())];
 
         try (InputStream fis = Files.newInputStream(dfos.getFile().toPath())) {
             IOUtils.readFully(fis, fileData);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ad1562d805..b382f8d67f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,11 @@
         Improve Service connectors, Container children and Service executors
         access sync using a ReentrantReadWriteLock. (remm)
       </fix>
+      <fix>
+        Improve handling of integer overflow if an attempt is made to upload a
+        file via the Servlet API and the file is larger than
+        <code>Integer.MAX_VALUE</code>. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to