Uploaded image for project: 'Apache Avro'
  1. Apache Avro
  2. AVRO-3225

StackOverflowException on invalid input for BinaryDecoder.ReadString on NetStandard 2.1+

    XMLWordPrintableJSON

Details

    Description

      The BinaryDecoder.ReadString() method on NetStandard2.1+ produces a stack overflow exception if there is invalid input caused by this code:

       

      int length = ReadInt();
Span<byte> buffer = length <= StackallocThreshold ? stackalloc byte[length] :                (bufferArray = ArrayPool<byte>.Shared.Rent(length)).AsSpan(0, length);

       

      This code fails if ReadInt() returns a negative value.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. AVRO-3226 OutOfMemoryException on invalid input for BinaryDecoder.ReadString on NetStandard 2.1+

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #1357

          Activity

            People

              PSanetra Philip Sanetra
              PSanetra Philip Sanetra
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 50m
                  1h 50m