heoq opened a new issue, #3471: URL: https://github.com/apache/fory/issues/3471
### Search before asking - [x] I had searched in the [issues](https://github.com/apache/fory/issues) and found no similar issues. ### Version 0.7.1 ### Component(s) Java ### Minimal reproduce step 1. Configure Fory/Fury to use `DeflaterMetaCompressor` for meta compression. 2. Decompress a truncated or deliberately corrupted deflate stream (e.g. take a valid compressed buffer and cut it in the middle, or flip some bytes). 3. Observe the thread in `decompress()` spinning at 100% CPU and never returning. ### What did you expect to see? throw at this case ### What did you see instead? # CPU 100% / infinite loop in `DeflaterMetaCompressor.decompress()` when input is corrupt or truncated ## Summary `DeflaterMetaCompressor.decompress()` can spin at 100% CPU in an infinite loop when the compressed input is corrupt, truncated, or otherwise invalid. The loop `while (!inflater.finished())` never exits because `Inflater.inflate()` keeps returning 0 without setting `finished()` to true. ## Environment - **Component:** `fory-core` (or fury-core) - **Class:** `org.apache.fory.meta.DeflaterMetaCompressor` - **Method:** `decompress(byte[] input, int offset, int size)` ## Current code (problematic) ```java @Override public byte[] decompress(byte[] input, int offset, int size) { Inflater inflater = new Inflater(); inflater.setInput(input, offset, size); ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); byte[] buffer = new byte[128]; try { while (!inflater.finished()) { int decompressedSize = inflater.inflate(buffer); outputStream.write(buffer, 0, decompressedSize); } } catch (DataFormatException e) { throw new RuntimeException(e); } return outputStream.toByteArray(); } ``` ## Root cause 1. **Infinite loop:** For bad input (corrupt/truncated/incomplete), `inflater.inflate(buffer)` can repeatedly return **0** (no bytes produced) while `inflater.finished()` remains **false**. The loop never exits and consumes 100% CPU. 2. **Missing progress check:** There is no handling for the case “not finished but no output” (e.g. need more input or need dictionary). Per `Inflater` semantics, returning 0 without finishing means the stream is stuck; the code should break or throw instead of looping forever. ### Anything Else? _No response_ ### Are you willing to submit a PR? - [ ] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
