jhdf icon indicating copy to clipboard operation
jhdf copied to clipboard

Published 20 hours ago verified publisher icon jamesmudd

Integer Overflow

Open lx183 opened this issue 2 years ago • 2 comments

Describe the bug

Did some fuzzing on the library an received an integer overflow very quick.

To Reproduce

    final String base64Bytes = String.join("", "iUhERg0KGgoAAwAAAAhgLUhERg0AHgAAAAAAAAAAAACJSERGDbcKGgoCCAEAAAAA09PT09MtSERGDdPT09PT05OTlpMK");
    byte[] input = java.util.Base64.getDecoder().decode(base64Bytes);
    HdfFile.fromInputStream(new ByteArrayInputStream(input));

Expected behaviour

There is a comment in the code (Utils.java line 128):

			// Throws if the long can't be converted safely
			return Math.toIntExact(buffer.getLong());

But knowing that this can happen, maybe there needs to be addtional code to catch these exceptions

Please complete the following information:

  • jhdf version

  •   <dependency>
      <groupId>io.jhdf</groupId>
      <artifactId>jhdf</artifactId>
      <version>0.6.9</version>
  </dependency>

  • Java version <maven.compiler.source>11</maven.compiler.source> <maven.compiler.target>11</maven.compiler.target>

  • OS (Windows, Mac, Linux)

    Win 10

  • Stack trace if available

java.lang.ArithmeticException: integer overflow

at java.base/java.lang.Math.toIntExact(Math.java:1074)
at io.jhdf.Utils.readBytesAsUnsignedInt(Utils.java:129)
at io.jhdf.SymbolTableEntry.<init>(SymbolTableEntry.java:42)
at io.jhdf.HdfFile.<init>(HdfFile.java:218)
at io.jhdf.HdfFile.fromInputStream(HdfFile.java:174)
at com.osramos.cdr.parsers.hdf5.Hdf5Test.testBadHdf5File(Hdf5Test.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)
at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:69)
at com.intellij.rt.junit.IdeaTestRunner$Repeater$1.execute(IdeaTestRunner.java:38)
at com.intellij.rt.execution.junit.TestsRepeater.repeat(TestsRepeater.java:11)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:35)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:235)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:54)
  • jhdf logging if available

15:31:16.209 [main] INFO io.jhdf.HdfFile - jHDF version: 0.6.9 15:31:16.355 [main] INFO io.jhdf.HdfFile - Creating temp file [C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5] 15:31:16.355 [main] DEBUG io.jhdf.HdfFile - Read stream to temp file [C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5] 15:31:16.356 [main] INFO io.jhdf.HdfFile - Opening HDF5 file 'C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5'... 15:31:16.358 [main] DEBUG io.jhdf.HdfFile - Found valid signature at offset = 0 15:31:16.359 [main] DEBUG io.jhdf.Superblock - Version of superblock is = 0

lx183 avatar Feb 24 '23 14:02 lx183

Thanks for looking at jHDF and fuzzing some inputs.

I'm not sure what you would like to happen? This behaviour seems correct to me, handling some invalid data an exception was thrown. Would you just like a different exception? Is there some other behaviour you think would be better?

jamesmudd avatar Feb 24 '23 21:02 jamesmudd

Hi,

you are welcome.

Also thank you for providing this library. Helps alot in speeding up development.

Regarding the issue:

Not sure if this behaviour is any better, but i would it more intuitve if the library would catch such "expected" exceptions and wrap them in the standard hdf exception.

lx183 avatar Feb 27 '23 08:02 lx183