aalto-xml

`DataUtil.growArrayBy(arr, more)` is vulnerable to break the service.

Open ChangXiaoning opened this issue 2 years ago • 0 comments

Reproduce code

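```java
import com.fasterxml.aalto.util.*;

public class DataUtilTest {
    public static void main(String[] args) {
        // Allocate a ~960M-element array, then ask to grow it by ~893M more elements
        String[] arr = new String[959985462];
        String[] result = DataUtil.growArrayBy(arr, 892613426);
    }
}
```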

Output

```
Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
	at com.fasterxml.aalto.util.DataUtil.growArrayBy(DataUtil.java:28)
	at DataUtilTest.main(DataUtilTest.java:31)
```

Environment

jdk 1.8 aalto-xml 1.3.2

Analysis

Our service invokes `DataUtil.growArrayBy(arr, more)`. However, if the user provides inputs to grow the array by a large number, an OutOfMemoryError happens and our service crashes. `DataUtil.growArrayBy()` should check the size of the array and the parameter `more`.

ChangXiaoning, Sep 06 '23 07:09
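A caller-side guard for the situation the issue describes, as an added example that is not part of the original issue and not aalto-xml code. The class `BoundedGrow`, the method `growArrayByChecked` and the limit `MAX_ELEMENTS` are hypothetical names and values chosen for illustration; the point is to validate a user-influenced growth amount before any allocation happens.

```java
import java.util.Arrays;

public class BoundedGrow {
    // Assumed application limit on array length; size it to the service's memory budget.
    static final int MAX_ELEMENTS = 1 << 20;

    /**
     * Grows arr by 'more' slots. Rejects negative growth and any resulting
     * length above MAX_ELEMENTS before allocating anything.
     */
    static String[] growArrayByChecked(String[] arr, int more) {
        if (more < 0) {
            throw new IllegalArgumentException("negative growth: " + more);
        }
        int current = (arr == null) ? 0 : arr.length;
        // Sum in 64-bit arithmetic so current + more cannot wrap around int.
        long newLen = (long) current + more;
        if (newLen > MAX_ELEMENTS) {
            throw new IllegalArgumentException(
                "requested length " + newLen + " exceeds limit " + MAX_ELEMENTS);
        }
        return (arr == null) ? new String[(int) newLen]
                             : Arrays.copyOf(arr, (int) newLen);
    }

    public static void main(String[] args) {
        String[] arr = new String[16];

        // A normal request succeeds and preserves existing contents.
        System.out.println("grown to " + growArrayByChecked(arr, 16).length);

        // Constructed hostile inputs: the growth value from the issue,
        // a value that would overflow int, and a negative value.
        int[] hostile = { 892613426, Integer.MAX_VALUE, -1 };
        for (int more : hostile) {
            try {
                growArrayByChecked(arr, more);
            } catch (IllegalArgumentException e) {
                // Recoverable, unlike OutOfMemoryError deep inside a request handler.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The same limit should also bound the initial array size when that size is derived from user input, since the reproduction above allocates a large array before the grow call is reached.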