Dominic Evans created PROTON-1249:
-------------------------------------

             Summary: proton-j: unsafe type initialisations
                 Key: PROTON-1249
                 URL: https://issues.apache.org/jira/browse/PROTON-1249
             Project: Qpid Proton
          Issue Type: Bug
          Components: proton-j
   Affects Versions: 0.12.2
            Reporter: Dominic Evans
            Assignee: Dominic Evans

In #readValue() for ArrayType, BinaryType, ListType and MapType decoding, if the 'count' specified is very large then it is likely to trigger an OutOfMemoryException. As these can come from an external data source, during the SASL init for example, there is a potential for a denial of service. The fix is to throw an IllegalArgumentException if the count value is larger than the amount of data available in the received bytes.
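
The check described in the report, as an added Java example (not the proton-j source or the committed fix): a simplified AMQP list32 reader that rejects a count larger than the bytes actually received before it allocates anything. The class and method names are hypothetical, the input bytes are constructed, and elements are limited to the one-byte null encoding (0x40) to keep the example short.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

// Added illustration; not proton-j code. All names here are hypothetical.
public class BoundedListDecode {

    // Reads a list32 body: size (uint32), count (uint32), then the elements.
    static List<Object> readList32(ByteBuffer buf) {
        if (buf.remaining() < 8) {
            throw new IllegalArgumentException("truncated list32 header");
        }
        buf.getInt();                             // size field, not used in this example
        long count = buf.getInt() & 0xFFFFFFFFL;  // peer-supplied count, read as unsigned

        // Every element takes at least one byte on the wire, so a count above
        // the bytes received cannot be satisfied. Reject it before allocating.
        if (count > buf.remaining()) {
            throw new IllegalArgumentException("list count " + count
                    + " exceeds " + buf.remaining() + " bytes available");
        }

        // Safe cast: count is now bounded by buf.remaining(), which is an int.
        List<Object> out = new ArrayList<>((int) count);
        for (long i = 0; i < count; i++) {
            if (buf.get() != 0x40) {
                throw new IllegalArgumentException("unsupported type code");
            }
            out.add(null);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed input: 8 bytes of body that claim 0x7FFFFFFF elements.
        ByteBuffer oversized = ByteBuffer.allocate(16);
        oversized.putInt(12).putInt(0x7FFFFFFF).put(new byte[8]).flip();
        try {
            readList32(oversized);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed input: a well-formed list of three nulls.
        ByteBuffer valid = ByteBuffer.allocate(11);
        valid.putInt(7).putInt(3).put(new byte[] {0x40, 0x40, 0x40}).flip();
        System.out.println("decoded " + readList32(valid).size() + " elements");
    }
}
```

Without the bounds check, the `new ArrayList<>((int) count)` call would size its backing array from the peer's claimed count rather than from the data received.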