Copilot commented on code in PR #3860:
URL: https://github.com/apache/avro/pull/3860#discussion_r3566906340
##########
lang/csharp/src/apache/main/IO/BinaryDecoder.notnetstandard2.0.cs:
##########
@@ -73,6 +73,8 @@ public string ReadString()
throw new AvroException("Can not deserialize a string with
negative length!");
}
+ EnsureAvailableBytes(length);
Review Comment:
ReadString() uses ReadInt() for the length prefix, so a declared length >
int.MaxValue can overflow to a negative int, skip the EnsureAvailableBytes
check, and fail with a misleading “negative length” exception. Consider reading
the length as a long and validating it (including MaxDotNetArrayLength) before
casting to int.
##########
lang/csharp/src/apache/main/IO/BinaryDecoder.netstandard2.0.cs:
##########
@@ -85,6 +85,8 @@ public string ReadString()
throw new AvroException("Can not deserialize a string with
negative length!");
}
+ EnsureAvailableBytes(length);
+
if (length > MaxDotNetArrayLength)
{
throw new AvroException("String length is not supported!");
Review Comment:
ReadString() reads the length prefix via ReadInt(), which casts a long to
int. A declared string length > int.MaxValue will overflow to a negative int,
bypass EnsureAvailableBytes, and throw the misleading “negative length”
AvroException. Read the length as a long, validate bounds, then cast to int
after checks so oversized lengths are rejected deterministically and the
remaining-bytes guard always applies.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]