![]() ![]() Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. The function `shuffle(int input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. Snappy-java is a fast compressor/decompressor for Java. Version 1.1.10.1 contains a patch for this issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place. The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error. If the result is negative, a `` exception will be raised while trying to allocate the array `buf`. Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array. ![]() Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. It does so by multiplying the length by 2 and passing it to the rawCompress` function. The function `compress(char input)` in the file `Snappy.java` receives an array of characters and compresses it. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |