Ismaël Mejía created AVRO-4292:
----------------------------------
Summary: Validate available bytes before allocating for
length-prefixed values
Key: AVRO-4292
URL: https://issues.apache.org/jira/browse/AVRO-4292
Project: Apache Avro
Issue Type: Bug
Affects Versions: 1.12.1, 1.11.5
Reporter: Ismaël Mejía
Fix For: 1.11.6, 1.12.2, 1.13.0
A bytes or string value is encoded as a length prefix followed by that many
bytes of data. A malicious or truncated input can declare a very large length
while carrying little or no actual data, which causes a correspondingly large
buffer to be allocated before the shortfall is noticed.
AVRO-4241 addressed this in the Java SDK by verifying, when the source can
report how many bytes remain, that the declared length does not exceed the
bytes actually available before allocating for it. This is an umbrella issue to
apply the equivalent check to the other language SDKs.
The JavaScript SDK already performs an equivalent bounds check against its
in-memory buffer. Sub-tasks cover C, C++, C#, Python, Ruby, PHP, and Perl.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)