Uploaded image for project: 'Commons IO'
  1. Commons IO
  2. IO-429

ByteArrayOutputStream can overflow

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.9.0
    • Component/s: Utilities
    • Labels:
      None

      Description

      There are many places involved in the problem, and a good fix might be problematic performance wise.

      For example:
      IOUtils.toByteArray(InputStream input) invoked with a Stream which feeds more than Integer.MAX_VALUE bytes will either crash with NegativeArraySizeException or maybe worse overflow in such a way that it returns fine (but only with partial data)

      The ByteArrayOutputStream will happily consume the full stream but "int count" will overflow. At some point then toByteArray is invoked which will do like new byte[count].

      maybe "needNewBuffer" can throw the IllegalArgumentException, as it gets the count and could check for the overflow.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              fabianlange Fabian Lange
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 3h 20m
                3h 20m