[tomcat] branch main updated: Avoid unchecked use of the backing array

Fri, 21 Apr 2023 00:53:29 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 4d963f8c51 Avoid unchecked use of the backing array
4d963f8c51 is described below

commit 4d963f8c51cfc20abd983932f66c61d7d92026c5
Author: remm <[email protected]>
AuthorDate: Fri Apr 21 09:52:54 2023 +0200

    Avoid unchecked use of the backing array
    
    This comes from user code and can happen with a direct (bad idea ...) or
    read only buffer. This will cause inefficient byte copying.
    Also review all other uses of .array() in Tomcat, which all seem safe.
---
 java/org/apache/tomcat/websocket/PerMessageDeflate.java | 12 +++++++++---
 webapps/docs/changelog.xml                              |  8 ++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/websocket/PerMessageDeflate.java 
b/java/org/apache/tomcat/websocket/PerMessageDeflate.java
index 482c5c1d2d..665cfd24f4 100644
--- a/java/org/apache/tomcat/websocket/PerMessageDeflate.java
+++ b/java/org/apache/tomcat/websocket/PerMessageDeflate.java
@@ -329,9 +329,15 @@ public class PerMessageDeflate implements Transformation {
                 ByteBuffer uncompressedPayload = uncompressedPart.getPayload();
                 SendHandler uncompressedIntermediateHandler = 
uncompressedPart.getIntermediateHandler();
 
-                deflater.setInput(uncompressedPayload.array(),
-                        uncompressedPayload.arrayOffset() + 
uncompressedPayload.position(),
-                        uncompressedPayload.remaining());
+                if (uncompressedPayload.hasArray()) {
+                    deflater.setInput(uncompressedPayload.array(),
+                            uncompressedPayload.arrayOffset() + 
uncompressedPayload.position(),
+                            uncompressedPayload.remaining());
+                } else {
+                    byte[] bytes = new byte[uncompressedPayload.remaining()];
+                    uncompressedPayload.get(bytes);
+                    deflater.setInput(bytes, 0, bytes.length);
+                }
 
                 int flush = (uncompressedPart.isFin() ? Deflater.SYNC_FLUSH : 
Deflater.NO_FLUSH);
                 boolean deflateRequired = true;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8d738158f1..33ef668c09 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -121,6 +121,14 @@
       </add>
     </changelog>
   </subsection>
+  <subsection name="WebSocket">
+    <changelog>
+      <fix>
+        <bug>66575</bug>: Avoid unchecked use of the backing array of a
+        buffer provided by the user in the compression transformation. (remm)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 11.0.0-M5 (markt)" rtext="release in progress">
   <subsection name="Catalina">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to