[ 
https://issues.apache.org/jira/browse/AVRO-4292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ismaël Mejía reassigned AVRO-4292:
----------------------------------

    Assignee: Ismaël Mejía

> Validate available bytes before allocating for length-prefixed values
> ---------------------------------------------------------------------
>
>                 Key: AVRO-4292
>                 URL: https://issues.apache.org/jira/browse/AVRO-4292
>             Project: Apache Avro
>          Issue Type: Bug
>    Affects Versions: 1.11.5, 1.12.1
>            Reporter: Ismaël Mejía
>            Assignee: Ismaël Mejía
>            Priority: Major
>             Fix For: 1.13.0, 1.11.6, 1.12.2
>
>
> A bytes or string value is encoded as a length prefix followed by that many 
> bytes of data. A malicious or truncated input can declare a very large length 
> while carrying little or no actual data, which causes a correspondingly large 
> buffer to be allocated before the shortfall is noticed.
> AVRO-4241 addressed this in the Java SDK by verifying, when the source can 
> report how many bytes remain, that the declared length does not exceed the 
> bytes actually available before allocating for it. This is an umbrella issue 
> to apply the equivalent check to the other language SDKs.
> The JavaScript SDK already performs an equivalent bounds check against its 
> in-memory buffer. Sub-tasks cover C, C++, C#, Python, Ruby, PHP, and Perl.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to