Integer Overflow

Question

Integer Overflow

lx183 opened this issue a year ago · comments

Describe the bug

Did some fuzzing on the library an received an integer overflow very quick.

To Reproduce

    final String base64Bytes = String.join("", "iUhERg0KGgoAAwAAAAhgLUhERg0AHgAAAAAAAAAAAACJSERGDbcKGgoCCAEAAAAA09PT09MtSERGDdPT09PT05OTlpMK");
    byte[] input = java.util.Base64.getDecoder().decode(base64Bytes);
    HdfFile.fromInputStream(new ByteArrayInputStream(input));

Expected behaviour

There is a comment in the code (Utils.java line 128):

			// Throws if the long can't be converted safely
			return Math.toIntExact(buffer.getLong());

But knowing that this can happen, maybe there needs to be addtional code to catch these exceptions

Please complete the following information:

jhdf version

  <dependency>
      <groupId>io.jhdf</groupId>
      <artifactId>jhdf</artifactId>
      <version>0.6.9</version>
  </dependency>

Java version
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
OS (Windows, Mac, Linux)

Win 10
Stack trace if available

java.lang.ArithmeticException: integer overflow

at java.base/java.lang.Math.toIntExact(Math.java:1074)
at io.jhdf.Utils.readBytesAsUnsignedInt(Utils.java:129)
at io.jhdf.SymbolTableEntry.<init>(SymbolTableEntry.java:42)
at io.jhdf.HdfFile.<init>(HdfFile.java:218)
at io.jhdf.HdfFile.fromInputStream(HdfFile.java:174)
at com.osramos.cdr.parsers.hdf5.Hdf5Test.testBadHdf5File(Hdf5Test.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)
at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:69)
at com.intellij.rt.junit.IdeaTestRunner$Repeater$1.execute(IdeaTestRunner.java:38)
at com.intellij.rt.execution.junit.TestsRepeater.repeat(TestsRepeater.java:11)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:35)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:235)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:54)

jhdf logging if available

15:31:16.209 [main] INFO io.jhdf.HdfFile - jHDF version: 0.6.9
15:31:16.355 [main] INFO io.jhdf.HdfFile - Creating temp file [C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5]
15:31:16.355 [main] DEBUG io.jhdf.HdfFile - Read stream to temp file [C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5]
15:31:16.356 [main] INFO io.jhdf.HdfFile - Opening HDF5 file 'C:\Users-\AppData\Local\Temp\4133831709638618067-stream.hdf5'...
15:31:16.358 [main] DEBUG io.jhdf.HdfFile - Found valid signature at offset = 0
15:31:16.359 [main] DEBUG io.jhdf.Superblock - Version of superblock is = 0

James Mudd · Answer 1 · Sat Feb 25 2023 05:47:52 GMT+0800 (China Standard Time)

Thanks for looking at jHDF and fuzzing some inputs.

I'm not sure what you would like to happen? This behaviour seems correct to me, handling some invalid data an exception was thrown. Would you just like a different exception? Is there some other behaviour you think would be better?

Alexander · Answer 2 · Mon Feb 27 2023 16:10:47 GMT+0800 (China Standard Time)

Hi,

you are welcome.

Also thank you for providing this library. Helps alot in speeding up development.

Regarding the issue:

Not sure if this behaviour is any better, but i would it more intuitve if the library would catch such "expected" exceptions and wrap them in the standard hdf exception.