Description
Attached is a sample file, created by our fuzzer running on the C++ library, that causes a std::bad_alloc due to the string or byte field having an invalid negative integer length. The fix is trivial; I'll send out a PR soon, but it's something like:
```cpp
void BinaryDecoder::decodeString(std::string& value) {
    // Preserve the sign to avoid allocating memory if len is negative.
    ssize_t len = decodeInt();
    if (len < 0) {
        throw Exception(
            boost::format("Cannot have a string of negative length: %1%") % len);
    }
    value.resize(len);
    if (len > 0) {
        in_.readBytes(reinterpret_cast<uint8_t*>(&value[0]), len);
    }
}
```
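The same check as a stand-alone decoder, added here as an example and not taken from the Avro code base: it keeps the zig-zag-decoded length signed, rejects negative values, and goes one step beyond the fix above by also rejecting lengths larger than the remaining input. `Reader`, `readLong`, `readString` and `tryDecode` are hypothetical names, and the byte strings in `main` are constructed inputs.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical in-memory reader; stands in for the library's input stream.
struct Reader { const uint8_t* p; const uint8_t* end; };

// Avro writes lengths as zig-zag varints, so a decoded length can be negative.
int64_t readLong(Reader& r) {
    uint64_t raw = 0;
    for (int shift = 0; shift < 64; shift += 7) {
        if (r.p == r.end) throw std::runtime_error("truncated varint");
        uint8_t b = *r.p++;
        raw |= static_cast<uint64_t>(b & 0x7f) << shift;
        if (!(b & 0x80))  // last byte of the varint: undo the zig-zag mapping
            return static_cast<int64_t>(raw >> 1) ^ -static_cast<int64_t>(raw & 1);
    }
    throw std::runtime_error("varint too long");
}

std::string readString(Reader& r) {
    int64_t len = readLong(r);  // stays signed until it has been validated
    if (len < 0) throw std::runtime_error("negative string length");
    // A large positive prefix is as untrusted as a negative one: bound it
    // by the bytes actually present before allocating anything.
    if (len > r.end - r.p)
        throw std::runtime_error("string length exceeds remaining input");
    std::string out(reinterpret_cast<const char*>(r.p), static_cast<size_t>(len));
    r.p += len;
    return out;
}

// Returns "ok:<value>" or "error:<reason>" so callers can inspect the outcome.
std::string tryDecode(const std::vector<uint8_t>& bytes) {
    Reader r{bytes.data(), bytes.data() + bytes.size()};
    try { return "ok:" + readString(r); }
    catch (const std::runtime_error& e) { return std::string("error:") + e.what(); }
}

int main() {
    // Constructed inputs: valid "foo", length -1, length 2147483647 with no payload.
    std::cout << tryDecode({0x06, 'f', 'o', 'o'}) << "\n"
              << tryDecode({0x01}) << "\n"
              << tryDecode({0xFE, 0xFF, 0xFF, 0xFF, 0x0F}) << "\n";
    return 0;
}
```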
Attachments
Issue Links
- is a clone of AVRO-2219 std::bad_alloc when String or Bytes field has a negative length (Resolved)