serverscanning/capnproto-java-rpc
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix integer overflow bugs.

Browse source
This commit is contained in:
David Renshaw 2015-03-08 20:39:44 -04:00
parent 2b1d5c201e
commit 0e8fe55593
3 changed files with 31 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
compiler/src/test/scala/org/capnproto/EncodingTest.scala
View file

@ -386,6 +386,29 @@ class EncodingSuite extends FunSuite {
a [DecodeException] should be thrownBy root.getAnyPointerField.getAs(org.capnproto.Text.factory); a [DecodeException] should be thrownBy root.getAnyPointerField.getAs(org.capnproto.Text.factory);
} }
test("InlineCompositeListIntOverflow") {
val bytes = Array[Byte](0,0,0,0, 0,0,1,0,
1,0,0,0, 0x17,0,0,0, 0,0,0,-128, 16,0,0,0,
0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0);
val segment = java.nio.ByteBuffer.wrap(bytes);
segment.order(java.nio.ByteOrder.LITTLE_ENDIAN);
val message = new MessageReader(Array(segment), ReaderOptions.DEFAULT_READER_OPTIONS);
val root = message.getRoot(TestAnyPointer.factory);
// TODO add this after we impelement totalSize():
//root.totalSize();
a [DecodeException] should be thrownBy
root.getAnyPointerField.getAs(new StructList.Factory(TestAllTypes.factory));
val messageBuilder = new MessageBuilder();
val builderRoot = messageBuilder.initRoot(TestAnyPointer.factory);
a [DecodeException] should be thrownBy
builderRoot.getAnyPointerField.setAs(TestAnyPointer.factory, root);
}
test("VoidListAmplification") { test("VoidListAmplification") {
val builder = new MessageBuilder(); val builder = new MessageBuilder();
builder.initRoot(TestAnyPointer.factory).getAnyPointerField().initAs(PrimitiveList.Void.factory, 1 << 28); builder.initRoot(TestAnyPointer.factory).getAnyPointerField().initAs(PrimitiveList.Void.factory, 1 << 28);

4
runtime/src/main/java/org/capnproto/AnyPointer.java
View file

@ -82,6 +82,10 @@ public final class AnyPointer {
return factory.initFromPointerBuilder(this.segment, this.pointer, elementCount); return factory.initFromPointerBuilder(this.segment, this.pointer, elementCount);
} }
public final <T, U> void setAs(SetPointerBuilder<T, U> factory, U reader) {
factory.setPointerBuilder(this.segment, this.pointer, reader);
}
public final Reader asReader() { public final Reader asReader() {
return new Reader(segment, pointer, 0x7fffffff); return new Reader(segment, pointer, 0x7fffffff);
} }

6
runtime/src/main/java/org/capnproto/WireHelpers.java
View file

@ -1072,7 +1072,7 @@ final class WireHelpers {
int elementCount = WirePointer.inlineCompositeListElementCount(tag); int elementCount = WirePointer.inlineCompositeListElementCount(tag);
int wordsPerElement = StructPointer.wordSize(tag); int wordsPerElement = StructPointer.wordSize(tag);
if (wordsPerElement * elementCount > wordCount) { if ((long)wordsPerElement * elementCount > wordCount) {
throw new DecodeException("INLINE_COMPOSITE list's elements overrun its word count."); throw new DecodeException("INLINE_COMPOSITE list's elements overrun its word count.");
} }
@ -1165,7 +1165,9 @@ final class WireHelpers {
int wordsPerElement = StructPointer.wordSize(tag); int wordsPerElement = StructPointer.wordSize(tag);
// TODO check that elemements do not overrun word count if ((long)size * wordsPerElement > wordCount) {
throw new DecodeException("INLINE_COMPOSITE list's elements overrun its word count.");
}
if (wordsPerElement == 0) { if (wordsPerElement == 0) {
// Watch out for lists of zero-sized structs, which can claim to be arbitrarily // Watch out for lists of zero-sized structs, which can claim to be arbitrarily