[JAVA-816] Invalid buffer size safety check in org.bson.io.Bits.readFully(stream, buf, off, len)
Created: 26/Apr/13  Updated: 03/Apr/14  Resolved: 25/Jun/13

Status: Closed
Project: Java Driver
Component/s: BSON
Affects Version/s: 2.11.0
Fix Version/s: 2.12.0, 3.0.0

Type: Bug
Priority: Major - P3
Reporter: Carsten Haustein
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: bson, driver
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Test:
call org.bson.io.Bits.readFully(new ByteArrayInputStream("some sample text".getBytes()), new byte[20], 0, 10);

Expected:
10 bytes are read.

Observed:
java.lang.IllegalArgumentException: Buffer is too small

The safety check

    if (b.length - startOffset > length) {
        throw new IllegalArgumentException("Buffer is too small");
    }

should test for "<".



 Comments   
Comment by Jeffrey Yemin [ 25/Jun/13 ]

Fixed in 3.0.x as well: https://github.com/mongodb/mongo-java-driver/commit/4e230513cfae4e840966de9a8b988459ffb3a5dc

Comment by auto [ 14/Jun/13 ]

Author: Uladzimir Mihura (trnl) <trnl.me@gmail.com>

Message: Added tests for org.bson.io.Bits class. Fix for JAVA-816.
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/28dc7120f72322ef2641ccffe2ffeddfe9ebaffc

Comment by Jeffrey Yemin [ 26/Apr/13 ]

Thanks for catching this. Looks like it was only ever tested with startOffset = 0 and length = b.length.
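
Added example, not code from the driver or from this ticket: the check quoted in the description next to a corrected, overflow-safe form, evaluated on three constructed cases, including the one path the comment above says was tested (startOffset = 0, length = b.length). The class and method names are hypothetical, and readFully here is a stand-in, not org.bson.io.Bits.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class ReadFullyBoundsDemo {
    // Check as quoted in the report; true means "reject the call".
    static boolean reportedCheckRejects(int bufLen, int off, int len) {
        return bufLen - off > len;
    }

    // Corrected direction. Negative values are rejected first, so the
    // subtraction bufLen - off cannot overflow.
    static boolean correctedCheckRejects(int bufLen, int off, int len) {
        return off < 0 || len < 0 || len > bufLen - off;
    }

    // Hypothetical readFully-style helper that uses the corrected check.
    static void readFully(InputStream in, byte[] b, int off, int len) throws IOException {
        if (correctedCheckRejects(b.length, off, len)) {
            throw new IllegalArgumentException("Buffer is too small");
        }
        int done = 0;
        while (done < len) {
            int n = in.read(b, off + done, len - done);
            if (n < 0) {
                throw new EOFException();
            }
            done += n;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed cases: {buffer length, startOffset, length}.
        // {20,0,10} is the call from the report, {20,0,20} is the tested path,
        // {10,5,10} asks for more bytes than fit after the offset.
        int[][] cases = { {20, 0, 10}, {20, 0, 20}, {10, 5, 10} };
        for (int[] c : cases) {
            System.out.printf("buf=%d off=%d len=%d reported=%s corrected=%s%n",
                    c[0], c[1], c[2],
                    reportedCheckRejects(c[0], c[1], c[2]) ? "reject" : "accept",
                    correctedCheckRejects(c[0], c[1], c[2]) ? "reject" : "accept");
        }
        byte[] buf = new byte[20];
        readFully(new ByteArrayInputStream("some sample text".getBytes()), buf, 0, 10);
        System.out.println(new String(buf, 0, 10));
    }
}
```

The third case is the one a bounds check exists for: the check as reported lets it through, so the out-of-range request reaches InputStream.read, which throws IndexOutOfBoundsException instead of the intended IllegalArgumentException.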
