This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e54121bab994585372c7c24b85ad9ad63a34a1c3
Author: Chenjp <ch...@msn.com>
AuthorDate: Sat Aug 2 18:44:02 2025 +0800
BZ 69762 - enhance consider the possibility of integer overflow before result add.
---
 java/org/apache/coyote/http2/Hpack.java | 2 +-
 test/org/apache/coyote/http2/TestHpack.java | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/coyote/http2/Hpack.java b/java/org/apache/coyote/http2/Hpack.java
index 08d5d2555e..4820c68cda 100644
--- a/java/org/apache/coyote/http2/Hpack.java
+++ b/java/org/apache/coyote/http2/Hpack.java
@@ -179,7 +179,7 @@ final class Hpack {
  return -1;
  }
  b = source.get();
- result = result + (b & 127) * (PREFIX_TABLE[m] + 1);
+ result = result + (b & 127) * (PREFIX_TABLE[m] + 1L);
  if (result > Integer.MAX_VALUE) {
  throw new HpackException(sm.getString("hpack.integerEncodedTooBig"));
  }
diff --git a/test/org/apache/coyote/http2/TestHpack.java b/test/org/apache/coyote/http2/TestHpack.java
index 9d39d4acf2..a96453171c 100644
--- a/test/org/apache/coyote/http2/TestHpack.java
+++ b/test/org/apache/coyote/http2/TestHpack.java
@@ -178,6 +178,19 @@ public class TestHpack {
  Hpack.decodeInteger(bb, 1);
  }

+ @Test(expected = HpackException.class)
+ public void testDecodeIntegerOverflow() throws HpackException {
+ ByteBuffer bb = ByteBuffer.allocate(9);
+ bb.put((byte) 255);
+ bb.put((byte) 254);
+ bb.put((byte) 255);
+ bb.put((byte) 255);
+ bb.put((byte) 255);
+ bb.put((byte) 15);
+ bb.position(0);
+
+ Hpack.decodeInteger(bb, 1);
+ }

  @Test(expected = HpackException.class)
  public void testDecodeIntegerZeroValues() throws HpackException {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
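Review bot: The overflow guard in Hpack.java now depends entirely on the `L` suffix in `PREFIX_TABLE[m] + 1L`, and nothing on the line says so. A later tidy-up that drops the suffix would silently restore int multiplication and let a wrapped product slip under the `result > Integer.MAX_VALUE` check. I would add a comment above the line, for example `// 1L forces long arithmetic; as int the product can wrap before the range check below`. A continuation octet whose low seven bits are zero adds nothing to `result`, so this check never fires for it. The bound on `m` as an index into `PREFIX_TABLE` must then come from an octet limit elsewhere in the method, which starts and ends outside this hunk and is worth confirming.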
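Review bot: `testDecodeIntegerOverflow` passes on any `HpackException`, so it does not show that the new range check is what rejected the input. If another limit inside `decodeInteger` (not visible here) fired first, the test would still pass. Asserting on the exception message, or adding a companion case where an encoding of `Integer.MAX_VALUE` decodes successfully, would pin the boundary. The buffer is also allocated with 9 bytes while only 6 are written, and `bb.position(0)` leaves the limit at 9, so three trailing zero bytes stay readable. Using `bb.flip();` in place of `bb.position(0);` would make the input exactly the encoded integer.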