Ismaël Mejía created AVRO-4292:
----------------------------------

             Summary: Validate available bytes before allocating for 
length-prefixed values
                 Key: AVRO-4292
                 URL: https://issues.apache.org/jira/browse/AVRO-4292
             Project: Apache Avro
          Issue Type: Bug
    Affects Versions: 1.12.1, 1.11.5
            Reporter: Ismaël Mejía
             Fix For: 1.11.6, 1.12.2, 1.13.0


A bytes or string value is encoded as a length prefix followed by that many 
bytes of data. A malicious or truncated input can declare a very large length 
while carrying little or no actual data, which causes a correspondingly large 
buffer to be allocated before the shortfall is noticed.

AVRO-4241 addressed this in the Java SDK by verifying, when the source can 
report how many bytes remain, that the declared length does not exceed the 
bytes actually available before allocating for it. This is an umbrella issue to 
apply the equivalent check to the other language SDKs.

The JavaScript SDK already performs an equivalent bounds check against its 
in-memory buffer. Sub-tasks cover C, C++, C#, Python, Ruby, PHP, and Perl.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to