[tomcat] branch 8.5.x updated: Avoid unchecked use of the backing array

Fri, 21 Apr 2023 01:00:19 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new f0f052626f Avoid unchecked use of the backing array
f0f052626f is described below

commit f0f052626fdbb0d6ca2af743a6e45737c6fd65bc
Author: remm <r...@apache.org>
AuthorDate: Fri Apr 21 09:52:54 2023 +0200

    Avoid unchecked use of the backing array
    
    This comes from user code and can happen with a direct (bad idea ...) or
    read only buffer. This will cause inefficient byte copying.
    Also review all other uses of .array() in Tomcat, which all seem safe.
---
 java/org/apache/tomcat/websocket/PerMessageDeflate.java | 12 +++++++++---
 webapps/docs/changelog.xml                              |  8 ++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/websocket/PerMessageDeflate.java 
b/java/org/apache/tomcat/websocket/PerMessageDeflate.java
index 4bc97b8199..a7a9fb4524 100644
--- a/java/org/apache/tomcat/websocket/PerMessageDeflate.java
+++ b/java/org/apache/tomcat/websocket/PerMessageDeflate.java
@@ -329,9 +329,15 @@ public class PerMessageDeflate implements Transformation {
                 ByteBuffer uncompressedPayload = uncompressedPart.getPayload();
                 SendHandler uncompressedIntermediateHandler = 
uncompressedPart.getIntermediateHandler();
 
-                deflater.setInput(uncompressedPayload.array(),
-                        uncompressedPayload.arrayOffset() + 
uncompressedPayload.position(),
-                        uncompressedPayload.remaining());
+                if (uncompressedPayload.hasArray()) {
+                    deflater.setInput(uncompressedPayload.array(),
+                            uncompressedPayload.arrayOffset() + 
uncompressedPayload.position(),
+                            uncompressedPayload.remaining());
+                } else {
+                    byte[] bytes = new byte[uncompressedPayload.remaining()];
+                    uncompressedPayload.get(bytes);
+                    deflater.setInput(bytes, 0, bytes.length);
+                }
 
                 int flush = (uncompressedPart.isFin() ? Deflater.SYNC_FLUSH : 
Deflater.NO_FLUSH);
                 boolean deflateRequired = true;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5bb0b25529..56a28fbad0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -121,6 +121,14 @@
       </add>
     </changelog>
   </subsection>
+  <subsection name="WebSocket">
+    <changelog>
+      <fix>
+        <bug>66575</bug>: Avoid unchecked use of the backing array of a
+        buffer provided by the user in the compression transformation. (remm)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 8.5.88 (schultz)" rtext="release in progress">
   <subsection name="Catalina">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to