subbudvk opened a new pull request, #1022: URL: https://github.com/apache/opennlp/pull/1022
**Description**
getOutcomes(), getOutcomePatterns(), and getPredicates() in
AbstractModelReader
read a 32-bit integer from the binary stream and use it directly as an
array size
with no bounds check. A malformed model file with any count field set to
Integer.MAX_VALUE causes an OutOfMemoryError at allocation time, before
any
model data is validated.
**Fix**
Added a MAX_ENTRIES = 10_000_000 limit. All three methods now throw
InvalidFormatException if the count field is negative or exceeds the limit.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
