You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
VarInt read methods operating on InputStream and HollowBlobInput do not check for the end of stream (-1),
resulting in an infinite CPU-consuming loop in case input stream stops (truncated data e.t.c.) in the middle of the varint record (as (-1 & 0x80) == 128).
...
while ((b & 0x80) != 0) {
b = (byte)in.read(); <-- End of stream (-1) check is missing here !
value <<= 7;
value |= (b & 0x7F);
}
...
VarInt
read methods operating onInputStream
andHollowBlobInput
do not check for the end of stream (-1),resulting in an infinite CPU-consuming loop in case input stream stops (truncated data e.t.c.) in the middle of the varint record (as
(-1 & 0x80) == 128
).https://github.com/Netflix/hollow/blame/c7f354dae4b251edee6e43aaab06c6c771131f17/hollow/src/main/java/com/netflix/hollow/core/memory/encoding/VarInt.java#L248
Proposed bugfix: #537
The text was updated successfully, but these errors were encountered: