ayush00git opened a new issue, #3617:
URL: https://github.com/apache/fory/issues/3617

   ### Search before asking
   
   - [x] I had searched in the [issues](https://github.com/apache/fory/issues) and found no similar issues.
   
   
   ### Version
   
   v0.17.0
   
   ### Component(s)
   
   Go
   
   ### Minimal reproduce step
   
   Run these tests:
   ```go
   // Imports these tests need when placed in a test file of the Go package.
   import (
        "testing"

        "github.com/stretchr/testify/assert"
        "github.com/stretchr/testify/require"
   )

   func TestReadLatin1OOMBug(t *testing.T) {
        // Missing Error Check Causes Unbounded Rune Allocation
        // We claim a massive size of 10,000 bytes, but provide an empty buffer.
        buf := NewByteBuffer(nil)

        err := &Error{}
        // readLatin1 doesn't read the length itself, it takes it as an argument
        result := readLatin1(buf, 10000, err)

        // Before the fix, this allocates a slice of 10000 runes (zeros) and returns it as a string of null bytes.
        // After the fix, it should return an empty string immediately when bounds check fails.
        require.True(t, err.HasError(), "Expected an error due to out of bounds buffer")
        require.Equal(t, "", result, "Expected an empty string due to missing data")
   }

   func TestReadInt32SliceOOMBug(t *testing.T) {
        // Unbounded Allocation in Primitive Slice Deserializers
        // We claim a size of 40,000 bytes, but provide no actual data.
        buf := NewByteBuffer(nil)
        buf.WriteLength(40000)

        // Reset reader index so we can read what we just wrote
        buf.SetReaderIndex(0)

        err := &Error{}
        result := ReadInt32Slice(buf, err)

        // Before the fix, this allocates a slice of 10000 int32s (zeros) and returns it.
        // After the fix, it should return an empty/nil slice immediately when bounds check fails.
        assert.True(t, err.HasError(), "Expected an error due to out of bounds buffer")
        assert.Equal(t, 0, len(result), "Expected an empty slice due to missing data")
   }
   ```
   
   ### What did you expect to see?
   
   Data should show 0 or missing in these types of allocations.
   
   ### What did you see instead?
   
   Data is being stored in the whole buffer.
   
   ### Anything Else?
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [x] I'm willing to submit a PR!
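
The failure mode the two tests in the issue exercise, shown as an added stand-alone example (not code from the issue and not Fory's implementation): a length-prefixed `int32` slice reader that allocates from the claimed length, next to one that checks the claim against the bytes actually present before allocating. The 4-byte little-endian length prefix and the names `readUnchecked`, `readChecked` and `ErrBadLength` are assumptions made for this illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrBadLength: the length prefix is misaligned or exceeds the bytes present.
var ErrBadLength = errors.New("length prefix rejected")

// readUnchecked allocates from the untrusted prefix before looking at the
// payload, so an empty payload still yields a zero-filled slice.
func readUnchecked(data []byte) []int32 {
	byteLen := binary.LittleEndian.Uint32(data) // assumes len(data) >= 4
	out := make([]int32, byteLen/4)             // sized by untrusted input
	payload := data[4:]
	for i := 0; i < len(out) && 4*(i+1) <= len(payload); i++ {
		out[i] = int32(binary.LittleEndian.Uint32(payload[4*i:]))
	}
	return out
}

// readChecked compares the prefix with the remaining bytes before allocating.
func readChecked(data []byte) ([]int32, error) {
	if len(data) < 4 {
		return nil, fmt.Errorf("%w: no length prefix", ErrBadLength)
	}
	byteLen, payload := uint64(binary.LittleEndian.Uint32(data)), data[4:]
	if byteLen%4 != 0 || byteLen > uint64(len(payload)) {
		return nil, fmt.Errorf("%w: claims %d bytes, %d present", ErrBadLength, byteLen, len(payload))
	}
	out := make([]int32, byteLen/4)
	for i := range out {
		out[i] = int32(binary.LittleEndian.Uint32(payload[4*i:]))
	}
	return out, nil
}

func main() {
	// Constructed input: the prefix claims 40000 bytes, the payload is empty.
	hostile := []byte{0x40, 0x9c, 0x00, 0x00}
	fmt.Println("unchecked element count:", len(readUnchecked(hostile)))
	_, err := readChecked(hostile)
	fmt.Println("checked:", err)
}
```
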

