[
https://issues.apache.org/jira/browse/AVRO-4292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ismaël Mejía reassigned AVRO-4292:
----------------------------------
Assignee: Ismaël Mejía
> Validate available bytes before allocating for length-prefixed values
> ---------------------------------------------------------------------
>
> Key: AVRO-4292
> URL: https://issues.apache.org/jira/browse/AVRO-4292
> Project: Apache Avro
> Issue Type: Bug
> Affects Versions: 1.11.5, 1.12.1
> Reporter: Ismaël Mejía
> Assignee: Ismaël Mejía
> Priority: Major
> Fix For: 1.13.0, 1.11.6, 1.12.2
>
>
> A bytes or string value is encoded as a length prefix followed by that many
> bytes of data. A malicious or truncated input can declare a very large length
> while carrying little or no actual data, which causes a correspondingly large
> buffer to be allocated before the shortfall is noticed.
> AVRO-4241 addressed this in the Java SDK by verifying, when the source can
> report how many bytes remain, that the declared length does not exceed the
> bytes actually available before allocating for it. This is an umbrella issue
> to apply the equivalent check to the other language SDKs.
> The JavaScript SDK already performs an equivalent bounds check against its
> in-memory buffer. Sub-tasks cover C, C++, C#, Python, Ruby, PHP, and Perl.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)