Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integer Overflow #457

Open
lx183 opened this issue Feb 24, 2023 · 2 comments
Open

Integer Overflow #457

lx183 opened this issue Feb 24, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@lx183
Copy link

lx183 commented Feb 24, 2023

Describe the bug

Did some fuzzing on the library an received an integer overflow very quick.

To Reproduce

    final String base64Bytes = String.join("", "iUhERg0KGgoAAwAAAAhgLUhERg0AHgAAAAAAAAAAAACJSERGDbcKGgoCCAEAAAAA09PT09MtSERGDdPT09PT05OTlpMK");
    byte[] input = java.util.Base64.getDecoder().decode(base64Bytes);
    HdfFile.fromInputStream(new ByteArrayInputStream(input));

Expected behaviour

There is a comment in the code (Utils.java line 128):

			// Throws if the long can't be converted safely
			return Math.toIntExact(buffer.getLong());

But knowing that this can happen, maybe there needs to be addtional code to catch these exceptions

Please complete the following information:

  • jhdf version

  •   <dependency>
      <groupId>io.jhdf</groupId>
      <artifactId>jhdf</artifactId>
      <version>0.6.9</version>
  </dependency>

  • Java version
    <maven.compiler.source>11</maven.compiler.source>
    <maven.compiler.target>11</maven.compiler.target>

  • OS (Windows, Mac, Linux)

    Win 10

  • Stack trace if available

java.lang.ArithmeticException: integer overflow

at java.base/java.lang.Math.toIntExact(Math.java:1074)
at io.jhdf.Utils.readBytesAsUnsignedInt(Utils.java:129)
at io.jhdf.SymbolTableEntry.<init>(SymbolTableEntry.java:42)
at io.jhdf.HdfFile.<init>(HdfFile.java:218)
at io.jhdf.HdfFile.fromInputStream(HdfFile.java:174)
at com.osramos.cdr.parsers.hdf5.Hdf5Test.testBadHdf5File(Hdf5Test.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)
at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:69)
at com.intellij.rt.junit.IdeaTestRunner$Repeater$1.execute(IdeaTestRunner.java:38)
at com.intellij.rt.execution.junit.TestsRepeater.repeat(TestsRepeater.java:11)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:35)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:235)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:54)
  • jhdf logging if available

15:31:16.209 [main] INFO io.jhdf.HdfFile - jHDF version: 0.6.9
15:31:16.355 [main] INFO io.jhdf.HdfFile - Creating temp file [C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5]
15:31:16.355 [main] DEBUG io.jhdf.HdfFile - Read stream to temp file [C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5]
15:31:16.356 [main] INFO io.jhdf.HdfFile - Opening HDF5 file 'C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5'...
15:31:16.358 [main] DEBUG io.jhdf.HdfFile - Found valid signature at offset = 0
15:31:16.359 [main] DEBUG io.jhdf.Superblock - Version of superblock is = 0
@jamesmudd
Copy link
Owner

Thanks for looking at jHDF and fuzzing some inputs.

I'm not sure what you would like to happen? This behaviour seems correct to me, handling some invalid data an exception was thrown. Would you just like a different exception? Is there some other behaviour you think would be better?

@lx183
Copy link
Author

lx183 commented Feb 27, 2023

Hi,

you are welcome.

Also thank you for providing this library. Helps alot in speeding up development.

Regarding the issue:

Not sure if this behaviour is any better, but i would it more intuitve if the library would catch such "expected" exceptions and wrap them in the standard hdf exception.

@jamesmudd jamesmudd added the enhancement New feature or request label Aug 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jamesmudd @lx183