lucasbru commented on code in PR #22463:
URL: https://github.com/apache/kafka/pull/22463#discussion_r3361795100


##########
clients/src/test/java/org/apache/kafka/common/serialization/ListDeserializerTest.java:
##########
@@ -277,4 +276,120 @@ public void shouldPassHeadersToUnderlyingDeserializer() {
         verify(mockDeserializer, never()).deserialize(anyString(), any(byte[].class));
     }
 
+    @Test
+    public void shouldThrowOnNegativeLength() {
+        final byte[] corruptedData = new byte[] {
+            (byte) Serdes.ListSerde.SerializationStrategy.VARIABLE_SIZE.ordinal(),
+            (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF // encodes length == -1
+        };
+
+        final ListDeserializer<String> testDeserializer = new ListDeserializer<>(ArrayList.class, new StringDeserializer());
+
+        final SerializationException exception = assertThrows(
+            SerializationException.class,
+            () -> testDeserializer.deserialize(null, corruptedData)
+        );
+        assertEquals(
+            "Corrupted byte[]. The number of list entries cannot be negative.",
+            exception.getMessage()
+        );
+    }
+
+    @Test
+    public void shouldThrowOnTooLargeLength() {
+        final byte[] corruptedData = new byte[] {
+            (byte) Serdes.ListSerde.SerializationStrategy.VARIABLE_SIZE.ordinal(),
+            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0xFF // encodes length 255
+        };
+
+        final ListDeserializer<String> testDeserializer = new ListDeserializer<>(ArrayList.class, new StringDeserializer());
+
+        final SerializationException exception = assertThrows(
+            SerializationException.class,
+            () -> testDeserializer.deserialize(null, corruptedData)
+        );
+        assertEquals(
+            "Corrupted byte[]. The number of list entries cannot be larger than overall number of bytes.",
+            exception.getMessage()
+        );
+    }
+
+    @Test
+    public void shouldThrowOnNegativeEntrySize() {
+        final byte[] corruptedData = new byte[] {
+            (byte) Serdes.ListSerde.SerializationStrategy.VARIABLE_SIZE.ordinal(),
+            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, // encodes length == 0
+            (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE // encodes entrySize == -2 (-1 would be a valid `null` entry)
+        };
+
+        final ListDeserializer<String> testDeserializer = new ListDeserializer<>(ArrayList.class, new StringDeserializer());
+
+        final SerializationException exception = assertThrows(
+            SerializationException.class,
+            () -> testDeserializer.deserialize(null, corruptedData)
+        );
+        assertEquals(
+            "Corrupted byte[]. A list entry cannot have negative size.",
+            exception.getMessage()
+        );
+    }
+
+    @Test
+    public void shouldThrowOnTooLargeEntrySize() {
+        final byte[] corruptedData = new byte[] {
+            (byte) Serdes.ListSerde.SerializationStrategy.VARIABLE_SIZE.ordinal(),
+            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, // encodes length == 0

Review Comment:
   super nit: That seems to encode 1, not 0.


