Author: tilman
Date: Tue Apr 22 12:16:27 2025
New Revision: 1925215
URL: http://svn.apache.org/viewvc?rev=1925215&view=rev
Log:
PDFBOX-5991: prevent negative array size
Modified:
pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/MemoryTTFDataStream.java
Modified:
pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/MemoryTTFDataStream.java
URL:
http://svn.apache.org/viewvc/pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/MemoryTTFDataStream.java?rev=1925215&r1=1925214&r2=1925215&view=diff
==============================================================================
---
pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/MemoryTTFDataStream.java
(original)
+++
pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/MemoryTTFDataStream.java
Tue Apr 22 12:16:27 2025
@@ -42,7 +42,13 @@ class MemoryTTFDataStream extends TTFDat
{
try
{
- ByteArrayOutputStream output = new ByteArrayOutputStream(
is.available() );
+ int available = is.available();
+ if (available > Integer.MAX_VALUE - 8) //
https://www.baeldung.com/java-arrays-max-size
+ {
+ // PDFBOX-5991
+ throw new IOException("Stream is too long, size: " +
available);
+ }
+ ByteArrayOutputStream output = new
ByteArrayOutputStream(available);
byte[] buffer = new byte[1024];
int amountRead;
while( (amountRead = is.read( buffer ) ) != -1 )
