tabish121 commented on code in PR #2080:
URL: https://github.com/apache/activemq/pull/2080#discussion_r3364885881
##########
activemq-client/src/main/java/org/apache/activemq/util/MarshallingSupport.java:
##########
@@ -350,7 +358,11 @@ public static int writeUTFBytesToBuffer(String str, long
count,
}
public static String readUTF8(DataInput dataIn) throws IOException {
- int utflen = dataIn.readInt();
+ return readUTF8(dataIn, Integer.MAX_VALUE);
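Review bot: the parameter on this overload is typed `DataInput`, which declares no `available()` method, so the `Integer.MAX_VALUE` on the added line cannot be replaced by a bound taken from the argument without a type check against a concrete stream class. As written, `readUTF8(DataInput)` still accepts any declared length up to `Integer.MAX_VALUE`. Consider a named default limit, or Javadoc stating that this overload applies no effective bound.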
Review Comment:
This one is a bit dangerous so should check on who is calling it. I might
actually pass a value of `dataIn.available()` unless there is a case where
this can be used on blocking reads like a read from a socket input stream.
##########
activemq-client/src/main/java/org/apache/activemq/util/MarshallingSupport.java:
##########
@@ -158,10 +164,11 @@ public static void marshalPrimitive(DataOutputStream out,
Object value) throws I
}
public static Object unmarshalPrimitive(DataInputStream in) throws
IOException {
- return unmarshalPrimitive(in, false);
+ return unmarshalPrimitive(in, false, Integer.MAX_VALUE,
Integer.MAX_VALUE, Integer.MAX_VALUE, 0);
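Review bot: the added call `unmarshalPrimitive(in, false, Integer.MAX_VALUE, Integer.MAX_VALUE, Integer.MAX_VALUE, 0)` passes three identical positional `Integer.MAX_VALUE` arguments and a trailing `0` whose meaning cannot be read from the call site, which makes it easy to transpose limits in a later change. Suggest a named constant for each limit, or a small limits holder object, so that every argument is self-describing.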
Review Comment:
Another case where I'd consider if the passed size limit could be the
`stream.available()`
##########
activemq-client/src/main/java/org/apache/activemq/util/MarshallingSupport.java:
##########
@@ -67,15 +67,11 @@ public static void marshalPrimitiveMap(Map<String, Object>
map, DataOutputStream
}
public static Map<String, Object> unmarshalPrimitiveMap(DataInputStream
in) throws IOException {
- return unmarshalPrimitiveMap(in, Integer.MAX_VALUE);
+ return unmarshalPrimitiveMap(in, Integer.MAX_VALUE, Integer.MAX_VALUE,
Integer.MAX_VALUE);
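Review bot: in `unmarshalPrimitiveMap(DataInputStream)` all three limits on the added line are `Integer.MAX_VALUE`, so any caller left on this one-argument overload gets no effective bound. Suggest listing the remaining callers in the PR description and either moving those that parse untrusted bytes to the limited overload or marking this overload `@Deprecated` with Javadoc that points to the bounded one.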
Review Comment:
If possible, consider capping the max size from these methods to
`in.available()` so that if the encoded size is bogus you will fail early vs. a
large allocation attempt. Unsure if this is possible if these are read via a
socket input stream which is expected to block on reads waiting for more bytes.
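The fail-early check suggested in the review comments above, as an added Java example that is not part of the PR or of ActiveMQ: `BoundedRead`, `readBounded` and `frame` are hypothetical names, the frames are constructed, and the 4-byte length plus plain UTF-8 payload is a simplified stand-in for the real wire format. It caps the declared length at `available()` only for in-memory streams, where that value is exact, and falls back to the configured maximum otherwise.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added illustration; BoundedRead and its methods are hypothetical names, not ActiveMQ API.
public class BoundedRead {

    // Reads a 4-byte length followed by that many UTF-8 bytes.
    // fullyBuffered: true only when the stream wraps an in-memory buffer, where
    // available() is the exact number of remaining bytes. On a socket stream
    // available() only reports bytes readable without blocking (possibly 0),
    // so it must not be used as a cap there.
    static String readBounded(DataInputStream in, int maxLen, boolean fullyBuffered)
            throws IOException {
        int len = in.readInt();
        int limit = fullyBuffered ? Math.min(maxLen, in.available()) : maxLen;
        if (len < 0 || len > limit) {
            // Reject before allocating: len comes from the wire and is untrusted.
            throw new IOException("declared length " + len + " exceeds limit " + limit);
        }
        byte[] data = new byte[len];
        in.readFully(data);
        return new String(data, StandardCharsets.UTF_8);
    }

    // Builds a constructed frame: declared length, then the payload bytes.
    static DataInputStream frame(int declaredLen, byte[] payload) {
        byte[] buf = ByteBuffer.allocate(4 + payload.length)
                .putInt(declaredLen).put(payload).array();
        return new DataInputStream(new ByteArrayInputStream(buf));
    }

    public static void main(String[] args) throws IOException {
        byte[] body = "hello".getBytes(StandardCharsets.UTF_8);

        // Constructed well-formed frame: declared length matches the payload.
        System.out.println(readBounded(frame(body.length, body), 1 << 20, true));

        // Constructed bogus frame: claims about 2 GiB but carries 5 bytes.
        try {
            readBounded(frame(Integer.MAX_VALUE, body), Integer.MAX_VALUE, true);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With `fullyBuffered` set to `false`, the second call would pass the length check and attempt the allocation, which is the case a protocol-level maximum has to cover for socket-backed streams.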