This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-io.git
commit c9089843e92bf74180ac7967ef9099c29784f1af
Author: Gary Gregory <garydgreg...@gmail.com>
AuthorDate: Fri May 12 18:16:28 2023 -0400
Zero out some arrays before use
---
src/main/java/org/apache/commons/io/IOUtils.java | 36 +++++++++++++---
.../commons/io/input/ReadAheadInputStream.java | 1 +
.../java/org/apache/commons/io/IOCaseTest.java | 50 +++++++++++++++++++++-
3 files changed, 78 insertions(+), 9 deletions(-)
diff --git a/src/main/java/org/apache/commons/io/IOUtils.java
b/src/main/java/org/apache/commons/io/IOUtils.java
index cca9a798..3479b0b3 100644
--- a/src/main/java/org/apache/commons/io/IOUtils.java
+++ b/src/main/java/org/apache/commons/io/IOUtils.java
@@ -1684,13 +1684,35 @@ public class IOUtils {
return totalRead;
}
+ /**
+ * Fills the given array with 0s.
+ *
+ * @param arr The array to fill.
+ * @return The given array.
+ */
+ private static byte[] fill0(final byte[] arr) {
+ Arrays.fill(arr, (byte) 0);
+ return arr;
+ }
+
+ /**
+ * Fills the given array with 0s.
+ *
+ * @param arr The array to fill.
+ * @return The given array.
+ */
+ private static char[] fill0(final char[] arr) {
+ Arrays.fill(arr, (char) 0);
+ return arr;
+ }
+
/**
* Gets the internal byte array buffer, intended for both reading and
writing.
*
* @return the internal byte array buffer, intended for both reading and
writing.
*/
- private static byte[] getScratchByteArray() {
- return SCRATCH_BYTE_BUFFER_RW.get();
+ static byte[] getScratchByteArray() {
+ return fill0(SCRATCH_BYTE_BUFFER_RW.get());
}
/**
@@ -1698,8 +1720,8 @@ public class IOUtils {
*
* @return the internal byte array intended for write only operations.
*/
- private static byte[] getScratchByteArrayWriteOnly() {
- return SCRATCH_BYTE_BUFFER_WO;
+ static byte[] getScratchByteArrayWriteOnly() {
+ return fill0(SCRATCH_BYTE_BUFFER_WO);
}
/**
@@ -1708,7 +1730,7 @@ public class IOUtils {
* @return the char byte array buffer, intended for both reading and
writing.
*/
static char[] getScratchCharArray() {
- return SCRATCH_CHAR_BUFFER_RW.get();
+ return fill0(SCRATCH_CHAR_BUFFER_RW.get());
}
/**
@@ -1716,8 +1738,8 @@ public class IOUtils {
*
* @return the internal char array intended for write only operations.
*/
- private static char[] getScratchCharArrayWriteOnly() {
- return SCRATCH_CHAR_BUFFER_WO;
+ static char[] getScratchCharArrayWriteOnly() {
+ return fill0(SCRATCH_CHAR_BUFFER_WO);
}
/**
diff --git
a/src/main/java/org/apache/commons/io/input/ReadAheadInputStream.java
b/src/main/java/org/apache/commons/io/input/ReadAheadInputStream.java
index 7d03a5a8..158a0651 100644
--- a/src/main/java/org/apache/commons/io/input/ReadAheadInputStream.java
+++ b/src/main/java/org/apache/commons/io/input/ReadAheadInputStream.java
@@ -299,6 +299,7 @@ public class ReadAheadInputStream extends FilterInputStream
{
return activeBuffer.get() & 0xFF;
}
final byte[] oneByteArray = BYTE_ARRAY_1.get();
+ oneByteArray[0] = 0;
return read(oneByteArray, 0, 1) == EOF ? EOF : oneByteArray[0] & 0xFF;
}
diff --git a/src/test/java/org/apache/commons/io/IOCaseTest.java
b/src/test/java/org/apache/commons/io/IOCaseTest.java
index a73aa2fa..6ca30c0c 100644
--- a/src/test/java/org/apache/commons/io/IOCaseTest.java
+++ b/src/test/java/org/apache/commons/io/IOCaseTest.java
@@ -27,6 +27,7 @@ import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
+import java.util.Arrays;
import org.junit.jupiter.api.Test;
@@ -37,6 +38,18 @@ public class IOCaseTest {
private static final boolean WINDOWS = File.separatorChar == '\\';
+ private void assert0(final byte[] arr) {
+ for (final byte e : arr) {
+ assertEquals(0, e);
+ }
+ }
+
+ private void assert0(final char[] arr) {
+ for (final char e : arr) {
+ assertEquals(0, e);
+ }
+ }
+
private IOCase serialize(final IOCase value) throws Exception {
final ByteArrayOutputStream buf = new ByteArrayOutputStream();
try (final ObjectOutputStream out = new ObjectOutputStream(buf)) {
@@ -77,7 +90,6 @@ public class IOCaseTest {
assertThrows(NullPointerException.class, () ->
IOCase.SENSITIVE.checkCompareTo(null, "ABC"));
assertThrows(NullPointerException.class, () ->
IOCase.SENSITIVE.checkCompareTo(null, null));
}
-
@Test
public void test_checkEndsWith_case() {
assertTrue(IOCase.SENSITIVE.checkEndsWith("ABC", "BC"));
@@ -106,6 +118,8 @@ public class IOCaseTest {
assertFalse(IOCase.SENSITIVE.checkEndsWith(null, "ABC"));
assertFalse(IOCase.SENSITIVE.checkEndsWith(null, null));
}
+
+
@Test
public void test_checkEquals_case() {
assertTrue(IOCase.SENSITIVE.checkEquals("ABC", "ABC"));
@@ -135,7 +149,6 @@ public class IOCaseTest {
assertThrows(NullPointerException.class, () ->
IOCase.SENSITIVE.checkEquals(null, null));
}
-
@Test
public void test_checkIndexOf_case() {
assertEquals(1, IOCase.SENSITIVE.checkIndexOf("ABC", 0, "BC"));
@@ -279,6 +292,38 @@ public class IOCaseTest {
assertEquals("System", IOCase.SYSTEM.getName());
}
+ @Test
+ public void test_getScratchByteArray() {
+ final byte[] array = IOUtils.getScratchByteArray();
+ assert0(array);
+ Arrays.fill(array, (byte) 1);
+ assert0(IOUtils.getScratchCharArray());
+ }
+
+ @Test
+ public void test_getScratchByteArrayWriteOnly() {
+ final byte[] array = IOUtils.getScratchByteArrayWriteOnly();
+ assert0(array);
+ Arrays.fill(array, (byte) 1);
+ assert0(IOUtils.getScratchCharArray());
+ }
+
+ @Test
+ public void test_getScratchCharArray() {
+ final char[] array = IOUtils.getScratchCharArray();
+ assert0(array);
+ Arrays.fill(array, (char) 1);
+ assert0(IOUtils.getScratchCharArray());
+ }
+
+ @Test
+ public void test_getScratchCharArrayWriteOnly() {
+ final char[] array = IOUtils.getScratchCharArrayWriteOnly();
+ assert0(array);
+ Arrays.fill(array, (char) 1);
+ assert0(IOUtils.getScratchCharArray());
+ }
+
@Test
public void test_isCaseSensitive() {
assertTrue(IOCase.SENSITIVE.isCaseSensitive());
@@ -306,4 +351,5 @@ public class IOCaseTest {
assertEquals("Insensitive", IOCase.INSENSITIVE.toString());
assertEquals("System", IOCase.SYSTEM.toString());
}
+
}
