Skip to content

Commit 4024b40

Browse files
committed
Address out-of-bounds for array size with int wrap-around
1 parent 065b106 commit 4024b40

2 files changed

Lines changed: 13 additions & 1 deletion

File tree

src/main/java/org/apache/commons/codec/binary/Base16.java

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -220,7 +220,12 @@ void encode(final byte[] data, final int offset, final int length, final Context
220220
return;
221221
}
222222

223-
final byte[] buffer = ensureBufferSize(length * BYTES_PER_ENCODED_BLOCK, context);
223+
final int size = length * BYTES_PER_ENCODED_BLOCK;
224+
if (size < 0) {
225+
throw new IllegalArgumentException("Input length exceeds maximum size for encoded data: " + length);
226+
}
227+
228+
final byte[] buffer = ensureBufferSize(size, context);
224229

225230
final int end = offset + length;
226231
for (int i = offset; i < end; i++) {

src/test/java/org/apache/commons/codec/binary/Base16Test.java

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -483,6 +483,7 @@ private String toString(final byte[] data) {
483483
*
484484
* @see <a href="https://issues.apache.org/jira/projects/CODEC/issues/CODEC-265">CODEC-265</a>
485485
*/
486+
@Test
486487
public void testCodec265_over() {
487488
// almost 1GiB file to encode: 2^29 bytes
488489
final int size1GiB = 1 << 29;
@@ -510,6 +511,12 @@ public void testCodec265_over() {
510511
assertEquals(expectedLength, encoded.length);
511512
}
512513

514+
@Test(expected = IllegalArgumentException.class)
515+
public void checkEncodeLengthBounds() {
516+
final Base16 base16 = new Base16();
517+
base16.encode(new byte[10], 0, 1 << 30);
518+
}
519+
513520
@Test
514521
public void testIsInAlphabet() {
515522
// invalid bounds

0 commit comments

Comments
 (0)