Copilot commented on code in PR #3860:
URL: https://github.com/apache/avro/pull/3860#discussion_r3566906340


##########
lang/csharp/src/apache/main/IO/BinaryDecoder.notnetstandard2.0.cs:
##########
@@ -73,6 +73,8 @@ public string ReadString()
                 throw new AvroException("Can not deserialize a string with 
negative length!");
             }
 
+            EnsureAvailableBytes(length);

Review Comment:
   ReadString() uses ReadInt() for the length prefix, so a declared length > 
int.MaxValue can overflow to a negative int, skip the EnsureAvailableBytes 
check, and fail with a misleading “negative length” exception. Consider reading 
the length as a long and validating it (including MaxDotNetArrayLength) before 
casting to int.



##########
lang/csharp/src/apache/main/IO/BinaryDecoder.netstandard2.0.cs:
##########
@@ -85,6 +85,8 @@ public string ReadString()
                 throw new AvroException("Can not deserialize a string with 
negative length!");
             }
 
+            EnsureAvailableBytes(length);
+
             if (length > MaxDotNetArrayLength)
             {
                 throw new AvroException("String length is not supported!");

Review Comment:
   ReadString() reads the length prefix via ReadInt(), which casts a long to 
int. A declared string length > int.MaxValue will overflow to a negative int, 
bypass EnsureAvailableBytes, and throw the misleading “negative length” 
AvroException. Read the length as a long, validate bounds, then cast to int 
after checks so oversized lengths are rejected deterministically and the 
remaining-bytes guard always applies.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to