SummCoder opened a new pull request, #10506:
URL: https://github.com/apache/rocketmq/pull/10506

   ### Which Issue(s) This PR Fixes
   
   Fixes #8262
   
   ### Brief Description
   
   This PR fixes an off-by-one error in the boundary checks of
   `BitsArray.checkBytePosition` and `BitsArray.checkBitPosition`
   in the filter module.
   
   The two methods use `>` instead of `>=` when checking whether
   a position is out of bounds:
   
   checkBytePosition:  if (bytePos > byteLength())   // should be >=
   checkBitPosition:   if (bitPos > bitLength())     // should be >=
   
   For a byte array of length N, valid indices are 0 through N-1.
   Position N is the first invalid index, so the check should use `>=`.
   
   With the old code, position N passes the check and causes
   `ArrayIndexOutOfBoundsException` instead of the intended
   `IllegalArgumentException` with a descriptive message.
   
   **Production impact if not fixed:** Minimal. `getByte`/`setByte` are
   only called internally by `xor`/`or`/`and` with guaranteed safe
   bounds. `getBit`/`setBit` positions come from `BloomFilterData` hash
   functions which always produce in-range values. No known production
   trigger exists.
   
   **Impact of the fix:** Zero behavioral change for all valid positions
   (0 to length-1). Only the boundary case is corrected.
   
   Additionally, this PR adds unit tests to improve code coverage
   for the filter and auth modules:
   
   - `BitsArrayTest` (27 tests): covers `create` (bitLength, bytes,
     bytes+bitLength), `setBit`/`getBit`, `setByte`/`getByte`, `xor`,
     `or`, `and` (array-level and bit-level), `not`, `clone`,
     `toString`, large bit arrays, and boundary/edge cases including
     regression tests for the fixed checks.
   
   - `PlainAccessConfigTest` (12 tests): covers getters/setters,
     `topicPerms`/`groupPerms`, `equals` (same object, identical
     configs, different fields, null, different class), `hashCode`
     consistency, and `toString`.
   
   ### How Did You Test This Change?
   
   1. Ran BitsArrayTest with the fixed code — all 27 tests pass.
   2. Verified the regression tests correctly expect
      `IllegalArgumentException` at boundary positions.
   3. Verified with the old code that the same boundary positions
      cause `ArrayIndexOutOfBoundsException` instead.
   4. Ran `mvn test -pl filter -Dtest=BitsArrayTest` and
      `mvn test -pl auth -Dtest=PlainAccessConfigTest` — both
      BUILD SUCCESS.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
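
The boundary case described in the pull request above, reproduced as an added, self-contained example. It is not code from the PR or from RocketMQ: the class `BoundaryCheckDemo`, its method names, the exception message text and the bit ordering within a byte are all assumptions made for illustration. It runs the old (`>`) and fixed (`>=`) checks over the same positions, so the exception type at position N can be compared directly.

```java
// Added illustration only; every name here is hypothetical, not RocketMQ's BitsArray.
public class BoundaryCheckDemo {
    private final byte[] bytes;

    BoundaryCheckDemo(int bitLength) {
        this.bytes = new byte[(bitLength + 7) / 8];
    }

    int bitLength() {
        return bytes.length * 8;
    }

    // Old form described in the PR: '>' lets bitPos == bitLength() through.
    void checkBitPositionOld(int bitPos) {
        if (bitPos > bitLength() || bitPos < 0) {
            throw new IllegalArgumentException("bitPos " + bitPos + " not in [0, " + bitLength() + ")");
        }
    }

    // Fixed form: '>=' rejects the first invalid index with a descriptive error.
    void checkBitPositionFixed(int bitPos) {
        if (bitPos >= bitLength() || bitPos < 0) {
            throw new IllegalArgumentException("bitPos " + bitPos + " not in [0, " + bitLength() + ")");
        }
    }

    boolean getBit(int bitPos, boolean fixed) {
        if (fixed) checkBitPositionFixed(bitPos); else checkBitPositionOld(bitPos);
        // With the old check, bitPos == bitLength() reaches this array access.
        return (bytes[bitPos / 8] & (1 << (bitPos % 8))) != 0;
    }

    // Returns the read value or the simple name of the exception thrown.
    static String outcome(BoundaryCheckDemo a, int pos, boolean fixed) {
        try {
            return "value=" + a.getBit(pos, fixed);
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        BoundaryCheckDemo a = new BoundaryCheckDemo(16); // valid bit positions: 0..15
        for (int pos : new int[] {0, 15, 16, 17, -1}) {
            System.out.printf("pos=%d old=%s fixed=%s%n",
                    pos, outcome(a, pos, false), outcome(a, pos, true));
        }
    }
}
```

Only position 16 differs between the two columns: the old check lets it reach the array access, the fixed check rejects it up front.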