diff --git src/main/java/org/apache/hadoop/hbase/client/Put.java src/main/java/org/apache/hadoop/hbase/client/Put.java index 4596e57..609e54e 100644 --- src/main/java/org/apache/hadoop/hbase/client/Put.java +++ src/main/java/org/apache/hadoop/hbase/client/Put.java @@ -373,21 +373,41 @@ public class Put extends Mutation } this.row = Bytes.readByteArray(in); this.ts = in.readLong(); + if (this.ts < 0) + throw new IOException("negative timestamp"); this.lockId = in.readLong(); this.writeToWAL = in.readBoolean(); int numFamilies = in.readInt(); + if (numFamilies < 0) + throw new IOException("negative number of families"); if (!this.familyMap.isEmpty()) this.familyMap.clear(); for(int i=0;i keys = new ArrayList(numKeys); int totalLen = in.readInt(); + if (totalLen < 0) + throw new IOException("negative total length"); byte [] buf = new byte[totalLen]; int offset = 0; for (int j = 0; j < numKeys; j++) { int keyLength = in.readInt(); + if (keyLength < 0) + throw new IOException("negative key length"); in.readFully(buf, offset, keyLength); keys.add(new KeyValue(buf, offset, keyLength)); + if (!(((short)buf[2 * KeyValue.KEY_LENGTH_SIZE + 1] + == (0x0000ffff & keys.get(keys.size()-1).getRowLength())) + && ((byte)buf[2 * KeyValue.KEY_LENGTH_SIZE + 2 + keys.get(keys.size()-1).getRowLength()] + == (0x0000ff & keys.get(keys.size()-1).getFamilyLength()))) + && ((byte)buf[2 * KeyValue.KEY_LENGTH_SIZE + 2 + keys.get(keys.size()-1).getRowLength() + + keys.get(keys.size()-1).getFamilyLength() + + keys.get(keys.size()-1).getQualifierLength() + + KeyValue.TIMESTAMP_TYPE_SIZE] == (byte) 4)) { + throw new IOException("invalid keyvalue"); + } offset += keyLength; } this.familyMap.put(family, keys);