https://bz.apache.org/bugzilla/show_bug.cgi?id=66575
Bug ID: 66575
Summary: Use of ByteBuffer.array() not guarded by hasArray()
Product: Tomcat 10
Version: unspecified
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: WebSocket
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ------
This is just an example, and I'm pretty sure this is also the case in other
classes, but in `org.apache.tomcat.websocket.PerMessageDeflate.java` a
`ByteBuffer` is turned into a `byte[]` in order to deflate the payload, using
the `array()` method (see source:
https://github.com/apache/tomcat/blob/main/java/org/apache/tomcat/websocket/PerMessageDeflate.java#L332).
The trouble is that not all `ByteBuffers` are backed by an `array()` or can
return the `array()`:
- direct buffers are not backed by a `byte[]` at all
- read-only buffers refuse to return their backing array (because it could be
used to modify the contents)
This is well documented in the `ByteBuffer` javadoc which says that such
accesses should be guarded by `hasArray()`.
The alternative (and portable) way of accessing the bytes for a read is to use
one of the various `get(...)` methods, reading the bytes into a `byte[]`.
Note that this implies a copy.
Perhaps there should be a utility method in place for reading `byte[]` out of a
`ByteBuffer` in Tomcat, using `array()` when possible (0-copy) and a variant of
`get` otherwise?
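Added example (not part of the report and not Tomcat code): one way the utility method suggested above could look, returning the backing array without a copy when `hasArray()` is true and falling back to `get` for direct and read-only buffers. The names `ByteBufferBytes`, `Slice` and `remainingBytes` are hypothetical, and the sample bytes are constructed.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

// Added example, not Tomcat code: ByteBufferBytes, Slice and remainingBytes are hypothetical names.
public final class ByteBufferBytes {
    /** A byte[] plus the region of it that holds the buffer's remaining bytes. */
    public static final class Slice {
        public final byte[] array;
        public final int offset, length;
        public final boolean copied;
        Slice(byte[] array, int offset, int length, boolean copied) {
            this.array = array;
            this.offset = offset;
            this.length = length;
            this.copied = copied;
        }
    }

    public static Slice remainingBytes(ByteBuffer buf) {
        int len = buf.remaining();
        if (buf.hasArray()) {
            // Writable heap buffer: zero-copy. arrayOffset() is non-zero for slices.
            return new Slice(buf.array(), buf.arrayOffset() + buf.position(), len, false);
        }
        // Direct or read-only buffer: array() would throw here, so copy instead.
        byte[] copy = new byte[len];
        buf.duplicate().get(copy); // duplicate() keeps the caller's position unchanged
        return new Slice(copy, 0, len, true);
    }

    public static void main(String[] args) {
        byte[] payload = {1, 2, 3, 4, 5, 6, 7, 8}; // constructed sample data
        ByteBuffer direct = ByteBuffer.allocateDirect(4);
        direct.put(payload, 2, 4);
        direct.flip();
        ByteBuffer[] inputs = {
            ByteBuffer.wrap(payload, 2, 4).slice(),            // heap slice, arrayOffset() == 2
            ByteBuffer.wrap(payload, 2, 4).asReadOnlyBuffer(), // read-only heap buffer
            direct                                             // off-heap buffer
        };
        for (ByteBuffer b : inputs) {
            Slice s = remainingBytes(b);
            System.out.println("hasArray=" + b.hasArray() + " copied=" + s.copied + " bytes="
                    + Arrays.toString(Arrays.copyOfRange(s.array, s.offset, s.offset + s.length)));
        }
    }
}
```

Callers must read from `offset` for `length` bytes rather than assume the data starts at index 0, since a sliced heap buffer shares a larger array.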