Philip Warren created KAFKA-15423:
-------------------------------------

             Summary: readUnsignedVarint implementation allows for negative numbers
                 Key: KAFKA-15423
                 URL: https://issues.apache.org/jira/browse/KAFKA-15423
             Project: Kafka
          Issue Type: Improvement
          Components: clients
    Affects Versions: 3.5.1
            Reporter: Philip Warren

The current implementation of {{ByteUtils.readUnsignedVarint}} throws an IllegalArgumentException if the varint is encoded in more than 5 bytes, which avoids some invalid values; however, it still allows for 35 bits of precision instead of the 31 bits of the underlying int type. To make the method safer for callers, it seems like it should ensure that only the 3 lower bits of the 5th byte are set, as anything else will overflow a Java int.

I've audited the codebase and there are some cases where a negative unsigned varint will lead to calling {{new Object[length]}} (leading to an exception), and a few potential values where reading a varint as a length (and subtracting one) causes a negative length of MIN_INT to wrap and become equal to MAX_INT.

As the KIP specs refer to varints as 31-bit integers (i.e. [KIP-482|https://cwiki.apache.org/confluence/display/KAFKA/KIP-482]), it would be good if the methods decoding them also enforced this constraint.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
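
The behaviour reported above, as an added example that is not part of the original issue and is not Kafka's code: `lenientRead` is a constructed stand-in that only enforces the 5-byte limit, and `strictRead` is a hypothetical variant that also restricts the 5th byte to its 3 low bits. The class name, method names and sample byte arrays are assumptions made for illustration.

```java
import java.nio.ByteBuffer;

public class StrictVarint {
    // Constructed stand-in for the behaviour the issue describes: rejects
    // encodings longer than 5 bytes but accepts any payload bits in the 5th byte.
    static int lenientRead(ByteBuffer buf) {
        int value = 0;
        for (int shift = 0; shift <= 28; shift += 7) {
            int b = buf.get();
            value |= (b & 0x7f) << shift;
            if ((b & 0x80) == 0) return value;
        }
        throw new IllegalArgumentException("varint longer than 5 bytes");
    }

    // Hypothetical strict variant: the 5th byte may carry only its 3 low bits
    // and no continuation bit, so the result fits in 31 bits and is never negative.
    static int strictRead(ByteBuffer buf) {
        int value = 0;
        for (int shift = 0; shift <= 28; shift += 7) {
            int b = buf.get();
            if (shift == 28 && (b & 0xf8) != 0)
                throw new IllegalArgumentException("varint exceeds 31 bits or 5 bytes");
            value |= (b & 0x7f) << shift;
            if ((b & 0x80) == 0) return value;
        }
        throw new AssertionError("unreachable: the 5th byte always returns or throws");
    }

    public static void main(String[] args) {
        byte[][] samples = {   // constructed inputs, not captured traffic
            {(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 0x07}, // largest 31-bit value
            {(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 0x0f}, // bit 31 set: negative int
            {(byte) 0x80, (byte) 0x80, (byte) 0x80, (byte) 0x80, 0x08}, // only bit 31 set
        };
        for (byte[] s : samples) {
            int lenient = lenientRead(ByteBuffer.wrap(s));
            String strict;
            try {
                strict = String.valueOf(strictRead(ByteBuffer.wrap(s)));
            } catch (IllegalArgumentException e) {
                strict = "rejected (" + e.getMessage() + ")";
            }
            // lenient - 1 models a caller that stores "length + 1" and subtracts one.
            System.out.printf("lenient=%d lenient-1=%d strict=%s%n", lenient, lenient - 1, strict);
        }
    }
}
```

The third sample decodes leniently to `Integer.MIN_VALUE`, and subtracting one wraps it to `Integer.MAX_VALUE`, so a caller's `length < 0` check placed after the subtraction would not catch it.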