This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 759e9ad34a BZ 69762 - enhance
759e9ad34a is described below
commit 759e9ad34adb99540927039c1c3959f791cee23d
Author: Chenjp <[email protected]>
AuthorDate: Sat Aug 2 18:44:02 2025 +0800
BZ 69762 - enhance
Consider the possibility of integer overflow before adding to result.
---
java/org/apache/coyote/http2/Hpack.java | 2 +-
test/org/apache/coyote/http2/TestHpack.java | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/coyote/http2/Hpack.java
b/java/org/apache/coyote/http2/Hpack.java
index 08d5d2555e..4820c68cda 100644
--- a/java/org/apache/coyote/http2/Hpack.java
+++ b/java/org/apache/coyote/http2/Hpack.java
@@ -179,7 +179,7 @@ final class Hpack {
return -1;
}
b = source.get();
- result = result + (b & 127) * (PREFIX_TABLE[m] + 1);
+ result = result + (b & 127) * (PREFIX_TABLE[m] + 1L);
if (result > Integer.MAX_VALUE) {
throw new
HpackException(sm.getString("hpack.integerEncodedTooBig"));
}
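Review bot: The `1L` on the new line is the entire fix, widening the multiplication so that `(b & 127) * (PREFIX_TABLE[m] + 1)` is evaluated in long rather than wrapping in int before the `Integer.MAX_VALUE` check on the following line, yet nothing in the code records that intent, and a later "simplification" back to `1` would silently reintroduce the wrap. A comment on the line would pin it: `// 1L: multiply in long so the product cannot wrap in int before the overflow check below`. The check only works because `result` is presumably declared as a long; its declaration, the bound on `m` used to index `PREFIX_TABLE`, and the rest of decodeInteger are outside this hunk, so that part is inferred rather than seen.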
diff --git a/test/org/apache/coyote/http2/TestHpack.java
b/test/org/apache/coyote/http2/TestHpack.java
index 9d39d4acf2..a96453171c 100644
--- a/test/org/apache/coyote/http2/TestHpack.java
+++ b/test/org/apache/coyote/http2/TestHpack.java
@@ -178,6 +178,19 @@ public class TestHpack {
Hpack.decodeInteger(bb, 1);
}
+ @Test(expected = HpackException.class)
+ public void testDecodeIntegerOverflow() throws HpackException {
+ ByteBuffer bb = ByteBuffer.allocate(9);
+ bb.put((byte) 255);
+ bb.put((byte) 254);
+ bb.put((byte) 255);
+ bb.put((byte) 255);
+ bb.put((byte) 255);
+ bb.put((byte) 15);
+ bb.position(0);
+
+ Hpack.decodeInteger(bb, 1);
+ }
@Test(expected = HpackException.class)
public void testDecodeIntegerZeroValues() throws HpackException {