clebertsuconic commented on a change in pull request #3862:
URL: https://github.com/apache/activemq-artemis/pull/3862#discussion_r758696883
##########
File path:
artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/XidCodecSupport.java
##########
@@ -33,15 +33,20 @@ public static void encodeXid(final Xid xid, final
ActiveMQBuffer out) {
}
private static byte[] safeReadBytes(final ActiveMQBuffer in) {
- int claimedSize = in.readInt();
- int bufferCapacity = in.capacity();
+ final int claimedSize = in.readInt();
+
+ if (claimedSize < 0) {
+ throw new XidPayloadException("Payload size cannot be negative");
+ }
+
+ final int readableBytes = in.readableBytes();
// We have to be defensive here and not try to allocate byte buffer
straight from information available in the
// stream. Or else, an adversary may handcraft the packet causing OOM
situation for a running JVM.
- if (claimedSize > bufferCapacity) {
- throw new IllegalStateException("Buffer size: " + claimedSize +
- " exceeds overall buffer size of: " + bufferCapacity);
+ if (claimedSize > readableBytes) {
+ throw new XidPayloadException("Attempted to read: " + claimedSize +
Review comment:
Why do you actually need a Custom Exception here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
