Skip to content

Commit

Permalink
Merge pull request from GHSA-pqr6-cmr2-h8hf
Browse files Browse the repository at this point in the history 
* Fixed integer overflow by checking if multiplication result is smaller than original value

* Fixed integer overflow by checking if multiplication result is smaller than original value

* Fixed integer overflow by checking if multiplication result is smaller than original value

* imporved error messages and added happy and sad cases for unit test in SnappyTest.java

* switched SnappyError into ILLEGAL_ARGUMENT in SnappyErrorCode.java and Snappy.java

* wrote new and updated unit test methods

* updated comments in SnappyTest.java

* Fixed and updated unit tests in SnappyTest.java
  • Loading branch information
@aidancch
aidancch committed Jun 14, 2023
1 parent 27e2ce0 commit 820e2e0
Show file tree
Hide file tree
Showing 3 changed files with 75 additions and 1 deletion.
15 changes: 15 additions & 0 deletions src/main/java/org/xerial/snappy/BitShuffle.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,9 @@ public static int shuffle(ByteBuffer input, BitShuffleType type, ByteBuffer shuf
* @throws IOException
*/
public static byte[] shuffle(short[] input) throws IOException {
if (input.length * 2 < input.length) {
throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
}
byte[] output = new byte[input.length * 2];
int numProcessed = impl.shuffle(input, 0, 2, input.length * 2, output, 0);
assert(numProcessed == input.length * 2);
Expand All @@ -105,6 +108,9 @@ public static byte[] shuffle(short[] input) throws IOException {
* @throws IOException
*/
public static byte[] shuffle(int[] input) throws IOException {
if (input.length * 4 < input.length) {
throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
}
byte[] output = new byte[input.length * 4];
int numProcessed = impl.shuffle(input, 0, 4, input.length * 4, output, 0);
assert(numProcessed == input.length * 4);
Expand All @@ -119,6 +125,9 @@ public static byte[] shuffle(int[] input) throws IOException {
* @throws IOException
*/
public static byte[] shuffle(long[] input) throws IOException {
if (input.length * 8 < input.length) {
throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
}
byte[] output = new byte[input.length * 8];
int numProcessed = impl.shuffle(input, 0, 8, input.length * 8, output, 0);
assert(numProcessed == input.length * 8);
Expand All @@ -133,6 +142,9 @@ public static byte[] shuffle(long[] input) throws IOException {
* @throws IOException
*/
public static byte[] shuffle(float[] input) throws IOException {
if (input.length * 4 < input.length) {
throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
}
byte[] output = new byte[input.length * 4];
int numProcessed = impl.shuffle(input, 0, 4, input.length * 4, output, 0);
assert(numProcessed == input.length * 4);
Expand All @@ -147,6 +159,9 @@ public static byte[] shuffle(float[] input) throws IOException {
* @throws IOException
*/
public static byte[] shuffle(double[] input) throws IOException {
if (input.length * 8 < input.length) {
throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
}
byte[] output = new byte[input.length * 8];
int numProcessed = impl.shuffle(input, 0, 8, input.length * 8, output, 0);
assert(numProcessed == input.length * 8);
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/xerial/snappy/SnappyErrorCode.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,8 @@ public enum SnappyErrorCode
EMPTY_INPUT(6),
INCOMPATIBLE_VERSION(7),
INVALID_CHUNK_SIZE(8),
UNSUPPORTED_PLATFORM(9);
UNSUPPORTED_PLATFORM(9),
TOO_LARGE_INPUT(10);

public final int id;

Expand Down
58 changes: 58 additions & 0 deletions src/test/java/org/xerial/snappy/SnappyTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -329,4 +329,62 @@ public void isValidCompressedData()
_logger.debug(e);
}
}

/*
Tests happy cases for BitShuffle.shuffle method
- double: 0, 10
- float: 0, 10
- int: 0, 10
- long: 0, 10
- short: 0, 10
*/
@Test
public void isValidArrayInputLengthForBitShuffleShuffle()
throws Exception
{
byte[] b = BitShuffle.shuffle(new double[0]);
byte[] c = BitShuffle.shuffle(new float[0]);
byte[] d = BitShuffle.shuffle(new int[0]);
byte[] e = BitShuffle.shuffle(new long[0]);
byte[] f = BitShuffle.shuffle(new short[0]);
byte[] n = BitShuffle.shuffle(new double[10]);
byte[] o = BitShuffle.shuffle(new float[10]);
byte[] p = BitShuffle.shuffle(new int[10]);
byte[] q = BitShuffle.shuffle(new long[10]);
byte[] r = BitShuffle.shuffle(new short[10]);
}

/*
Tests sad cases for BitShuffle.shuffle method
- Allocate a buffer whose byte size will be a bit larger than Integer.MAX_VALUE
- double: 8
- float: 4
- int: 4
- long: 8
- short: 2
*/
@Test(expected = SnappyError.class)
public void isTooLargeDoubleArrayInputLengthForBitShuffleShuffle() throws Exception {
BitShuffle.shuffle(new double[Integer.MAX_VALUE / 8 + 1]);
}

@Test(expected = SnappyError.class)
public void isTooLargeFloatArrayInputLengthForBitShuffleShuffle() throws Exception {
BitShuffle.shuffle(new float[Integer.MAX_VALUE / 4 + 1]);
}

@Test(expected = SnappyError.class)
public void isTooLargeIntArrayInputLengthForBitShuffleShuffle() throws Exception {
BitShuffle.shuffle(new float[Integer.MAX_VALUE / 4 + 1]);
}

@Test(expected = SnappyError.class)
public void isTooLargeLongArrayInputLengthForBitShuffleShuffle() throws Exception {
BitShuffle.shuffle(new long[Integer.MAX_VALUE / 8 + 1]);
}

@Test(expected = SnappyError.class)
public void isTooLargeShortArrayInputLengthForBitShuffleShuffle() throws Exception {
BitShuffle.shuffle(new short[Integer.MAX_VALUE / 2 + 1]);
}
}

0 comments on commit 820e2e0

Please sign in to comment.