iemejia commented on code in PR #3854:
URL: https://github.com/apache/avro/pull/3854#discussion_r3567448731
##########
lang/c++/impl/DataFile.cc:
##########
@@ -627,12 +679,25 @@ void DataFileReaderBase::readDataBlock() {
const uint8_t *data;
size_t len;
+ const size_t maxLength = maxDecompressLength();
while (ret != Z_STREAM_END && st->next(&data, &len)) {
zs.avail_in = static_cast<uInt>(len);
zs.next_in = const_cast<Bytef *>(data);
do {
if (zs.total_out == uncompressed.size()) {
- uncompressed.resize(uncompressed.size() +
zlibBufGrowSize);
+ // Reject a block that decompresses to more than the
+ // allowed maximum, before growing the buffer further.
+ if (uncompressed.size() >= maxLength) {
+ (void) inflateEnd(&zs);
+ throw Exception(
+ "Decompressed block size exceeds the maximum
allowed of {} bytes",
+ maxLength);
+ }
+ size_t newSize = uncompressed.size() + zlibBufGrowSize;
+ if (newSize > maxLength) {
+ newSize = maxLength;
+ }
+ uncompressed.resize(newSize);
Review Comment:
Fixed — the buffer now grows by `min(maxLength - size, zlibBufGrowSize)` (a
remaining-capacity calc), so the addition can't overflow size_t when maxLength
is near SIZE_MAX.
##########
lang/c++/impl/DataFile.cc:
##########
@@ -627,12 +679,25 @@ void DataFileReaderBase::readDataBlock() {
const uint8_t *data;
size_t len;
+ const size_t maxLength = maxDecompressLength();
while (ret != Z_STREAM_END && st->next(&data, &len)) {
zs.avail_in = static_cast<uInt>(len);
zs.next_in = const_cast<Bytef *>(data);
do {
if (zs.total_out == uncompressed.size()) {
- uncompressed.resize(uncompressed.size() +
zlibBufGrowSize);
+ // Reject a block that decompresses to more than the
+ // allowed maximum, before growing the buffer further.
+ if (uncompressed.size() >= maxLength) {
+ (void) inflateEnd(&zs);
+ throw Exception(
+ "Decompressed block size exceeds the maximum
allowed of {} bytes",
+ maxLength);
Review Comment:
Fixed — the message now reports the would-be size (`uncompressed.size() +
1`, i.e. at least maxLength + 1) alongside the limit, consistent with the
snappy/zstd errors.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]