Allocate byte[] lazily for longer Smile binary data payloads (raw)
#260
Comments
|
The issue seems oddly resistant to reproduction: for some reason, allocating a 2-gig byte array succeeds despite my trying to limit heap to 0.5 gigs (for example). |
|
Needed to add Surefire (junit) plugin configuration to limit heap for forked-off test process, now test fails as expected from command-line. |
cowtowncoder
changed the title
byte[] lazily for longer Smile binary data payloadsbyte[] lazily for longer Smile binary data payloads (raw)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32180)
Looks like eager allocation is used for Smile binary payload if using "raw"/native embedding.
Similar to #186, this should be only used for relatively short payloads to avoid potential for DoS by attacker specifying allegedly large data size but only sending minimal partial message (essentially just marker, length and maybe a bit or two)
The text was updated successfully, but these errors were encountered: