Copilot commented on code in PR #7578: URL: https://github.com/apache/incubator-seata/pull/7578#discussion_r2262055343
########## compressor/seata-compressor-zstd/src/test/java/org/apache/seata/compressor/zstd/ZstdUtilTest.java: ########## 
@@ -82,4 +81,31 @@ public void test_decompress_with_len() {
 byte[] decompressedData = ZstdUtil.decompress(compressedData);
 Assertions.assertEquals(len, decompressedData.length);
 }
+
+ @Test
+ public void test_decompress_with_fake_frame_content_size_oom() {
+ // Construct a fake zstd header with the frame content size set to 1GB, while the actual content is only 4MB.
+ byte[] magic = new byte[] {(byte) 0x28, (byte) 0xB5, (byte) 0x2F, (byte) 0xFD};
+ byte[] frameHeaderDescriptor = new byte[magic.length + 1];
+ System.arraycopy(magic, 0, frameHeaderDescriptor, 0, magic.length);
+ frameHeaderDescriptor[magic.length] = (byte) 0xA0;
+ // frame content size: 1GB = 0x40000000
+ byte[] frameContentSize = new byte[] {(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x40};
+ // The actual content is only 4MB.
+ byte[] fakeContent = new byte[4 * 1024 * 1024];
+ for (int i = 0; i < fakeContent.length; i++) {
+ fakeContent[i] = (byte) ('A' + i % 26);
+ }
+ byte[] frameContent = new byte[frameHeaderDescriptor.length + frameContentSize.length + fakeContent.length];
+ System.arraycopy(frameHeaderDescriptor, 0, frameContent, 0, frameHeaderDescriptor.length);
+ System.arraycopy(frameContentSize, 0, frameContent, frameHeaderDescriptor.length, frameContentSize.length);
+ System.arraycopy(
+ fakeContent,
+ 0,
+ frameContent,
+ frameHeaderDescriptor.length + frameContentSize.length,
+ fakeContent.length);
+ Assertions.assertThrows(IllegalArgumentException.class, () -> ZstdUtil.decompress(frameContent));
+ Assertions.assertTrue(Zstd.decompressedSize(frameContent) > 4 * 1024 * 1024);
Review Comment: The magic number '4 * 1024 * 1024' should be extracted to a constant to improve readability and maintainability, as it's used multiple times in this test method. ```suggestion Assertions.assertTrue(Zstd.decompressedSize(frameContent) > MAX_COMPRESSED_SIZE); ``` -- This is an automated message from the Apache Git Service. 
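Review bot: The precondition check `Assertions.assertTrue(Zstd.decompressedSize(frameContent) > 4 * 1024 * 1024);` runs only after `assertThrows`, so a mistake in the hand-built header would surface as a failed exception assertion with no hint that the crafted frame was the problem; placing it first makes the fixture self-verifying. `assertThrows(IllegalArgumentException.class, ...)` also passes for any argument check inside `ZstdUtil.decompress`, so on its own it does not show that the declared-size limit rejected the input; capturing the returned exception and asserting on its message would pin that, assuming the limit check has a distinguishable message. The frame content size field is optional and controlled by whoever produced the frame, so a companion case where the header omits or understates it would be worth adding if `ZstdUtil` (not visible here) bounds the allocation from `decompressedSize` alone. The method's closing brace lies outside the quoted hunk.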