Improve behavior under the risk of an int overflow and negative lengths in JavaLite

PiperOrigin-RevId: 908845731

Author: protobuf-github-bot

java/core/src/main/java/com/google/protobuf/ArrayDecoders.java

@@ -437,7 +437,14 @@ static int decodePackedVarint32List(
       byte[] data, int position, ProtobufList<?> list, Registers registers) throws IOException {
     final IntArrayList output = (IntArrayList) list;
     position = decodeVarint32(data, position, registers);
-    final int fieldLimit = position + registers.int1;
+    final int packedDataByteSize = registers.int1;
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
+      throw InvalidProtocolBufferException.truncatedMessage();
+    }
+    final int fieldLimit = position + packedDataByteSize;
     while (position < fieldLimit) {
       position = decodeVarint32(data, position, registers);
       output.addInt(registers.int1);
@@ -453,7 +460,14 @@ static int decodePackedVarint64List(
       byte[] data, int position, ProtobufList<?> list, Registers registers) throws IOException {
     final LongArrayList output = (LongArrayList) list;
     position = decodeVarint32(data, position, registers);
-    final int fieldLimit = position + registers.int1;
+    final int packedDataByteSize = registers.int1;
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
+      throw InvalidProtocolBufferException.truncatedMessage();
+    }
+    final int fieldLimit = position + packedDataByteSize;
     while (position < fieldLimit) {
       position = decodeVarint64(data, position, registers);
       output.addLong(registers.long1);
@@ -471,10 +485,13 @@ static int decodePackedFixed32List(
     final IntArrayList output = (IntArrayList) list;
     position = decodeVarint32(data, position, registers);
     final int packedDataByteSize = registers.int1;
-    final int fieldLimit = position + packedDataByteSize;
-    if (fieldLimit > data.length) {
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
       throw InvalidProtocolBufferException.truncatedMessage();
     }
+    final int fieldLimit = position + packedDataByteSize;
     output.ensureCapacity(output.size() + packedDataByteSize / 4);
     while (position < fieldLimit) {
       output.addInt(decodeFixed32(data, position));
@@ -493,10 +510,13 @@ static int decodePackedFixed64List(
     final LongArrayList output = (LongArrayList) list;
     position = decodeVarint32(data, position, registers);
     final int packedDataByteSize = registers.int1;
-    final int fieldLimit = position + packedDataByteSize;
-    if (fieldLimit > data.length) {
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
       throw InvalidProtocolBufferException.truncatedMessage();
     }
+    final int fieldLimit = position + packedDataByteSize;
     output.ensureCapacity(output.size() + packedDataByteSize / 8);
     while (position < fieldLimit) {
       output.addLong(decodeFixed64(data, position));
@@ -515,10 +535,13 @@ static int decodePackedFloatList(
     final FloatArrayList output = (FloatArrayList) list;
     position = decodeVarint32(data, position, registers);
     final int packedDataByteSize = registers.int1;
-    final int fieldLimit = position + packedDataByteSize;
-    if (fieldLimit > data.length) {
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
       throw InvalidProtocolBufferException.truncatedMessage();
     }
+    final int fieldLimit = position + packedDataByteSize;
     output.ensureCapacity(output.size() + packedDataByteSize / 4);
     while (position < fieldLimit) {
       output.addFloat(decodeFloat(data, position));
@@ -537,10 +560,13 @@ static int decodePackedDoubleList(
     final DoubleArrayList output = (DoubleArrayList) list;
     position = decodeVarint32(data, position, registers);
     final int packedDataByteSize = registers.int1;
-    final int fieldLimit = position + packedDataByteSize;
-    if (fieldLimit > data.length) {
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
       throw InvalidProtocolBufferException.truncatedMessage();
     }
+    final int fieldLimit = position + packedDataByteSize;
     output.ensureCapacity(output.size() + packedDataByteSize / 8);
     while (position < fieldLimit) {
       output.addDouble(decodeDouble(data, position));
@@ -558,7 +584,14 @@ static int decodePackedBoolList(
       throws InvalidProtocolBufferException {
     final BooleanArrayList output = (BooleanArrayList) list;
     position = decodeVarint32(data, position, registers);
-    final int fieldLimit = position + registers.int1;
+    final int packedDataByteSize = registers.int1;
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
+      throw InvalidProtocolBufferException.truncatedMessage();
+    }
+    final int fieldLimit = position + packedDataByteSize;
     while (position < fieldLimit) {
       position = decodeVarint64(data, position, registers);
       output.addBoolean(registers.long1 != 0);
@@ -575,7 +608,14 @@ static int decodePackedSInt32List(
       throws InvalidProtocolBufferException {
     final IntArrayList output = (IntArrayList) list;
     position = decodeVarint32(data, position, registers);
-    final int fieldLimit = position + registers.int1;
+    final int packedDataByteSize = registers.int1;
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
+      throw InvalidProtocolBufferException.truncatedMessage();
+    }
+    final int fieldLimit = position + packedDataByteSize;
     while (position < fieldLimit) {
       position = decodeVarint32(data, position, registers);
       output.addInt(CodedInputStream.decodeZigZag32(registers.int1));
@@ -592,7 +632,14 @@ static int decodePackedSInt64List(
       throws InvalidProtocolBufferException {
     final LongArrayList output = (LongArrayList) list;
     position = decodeVarint32(data, position, registers);
-    final int fieldLimit = position + registers.int1;
+    final int packedDataByteSize = registers.int1;
+    if (packedDataByteSize < 0) {
+      throw InvalidProtocolBufferException.negativeSize();
+    }
+    if (packedDataByteSize > data.length - position) {
+      throw InvalidProtocolBufferException.truncatedMessage();
+    }
+    final int fieldLimit = position + packedDataByteSize;
     while (position < fieldLimit) {
       position = decodeVarint64(data, position, registers);
       output.addLong(CodedInputStream.decodeZigZag64(registers.long1));

java/core/src/test/java/com/google/protobuf/ArrayDecodersTest.java

@@ -7,6 +7,7 @@
 
 package com.google.protobuf;
 
+import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertThrows;
 
 import com.google.protobuf.ArrayDecoders.Registers;
@@ -152,11 +153,24 @@ public void testException_decodeUnknownField() {
 
   @Test
   public void testDecodePackedFixed32List_negativeSize() {
-    assertThrows(
-        InvalidProtocolBufferException.class,
-        () ->
-            ArrayDecoders.decodePackedFixed32List(
-                packedSizeBytesNoTag(-1), 0, new IntArrayList(), registers));
+    InvalidProtocolBufferException e =
+        assertThrows(
+            InvalidProtocolBufferException.class,
+            () ->
+                ArrayDecoders.decodePackedFixed32List(
+                    packedSizeBytesNoTag(-1), 0, new IntArrayList(), registers));
+    assertThat(e).hasMessageThat().contains("negative size");
+  }
+
+  @Test
+  public void testDecodePackedFixed32List_overflowsArrayEnd() {
+    InvalidProtocolBufferException e =
+        assertThrows(
+            InvalidProtocolBufferException.class,
+            () ->
+                ArrayDecoders.decodePackedFixed32List(
+                    packedSizeBytesNoTag(Integer.MAX_VALUE - 5), 0, new IntArrayList(), registers));
+    assertThat(e).hasMessageThat().contains("truncated");
   }
 
   @Test
@@ -197,56 +211,68 @@ public void testDecodePackedDoubleList_2gb_beyondEndOfArray() {
 
   @Test
   public void testDecodePackedFixed64List_negativeSize() {
-    assertThrows(
-        InvalidProtocolBufferException.class,
-        () ->
-            ArrayDecoders.decodePackedFixed64List(
-                packedSizeBytesNoTag(-1), 0, new LongArrayList(), registers));
+    InvalidProtocolBufferException e =
+        assertThrows(
+            InvalidProtocolBufferException.class,
+            () ->
+                ArrayDecoders.decodePackedFixed64List(
+                    packedSizeBytesNoTag(-1), 0, new LongArrayList(), registers));
+    assertThat(e).hasMessageThat().contains("negative size");
   }
 
   @Test
   public void testDecodePackedFloatList_negativeSize() {
-    assertThrows(
-        InvalidProtocolBufferException.class,
-        () ->
-            ArrayDecoders.decodePackedFloatList(
-                packedSizeBytesNoTag(-1), 0, new FloatArrayList(), registers));
+    InvalidProtocolBufferException e =
+        assertThrows(
+            InvalidProtocolBufferException.class,
+            () ->
+                ArrayDecoders.decodePackedFloatList(
+                    packedSizeBytesNoTag(-1), 0, new FloatArrayList(), registers));
+    assertThat(e).hasMessageThat().contains("negative size");
   }
 
   @Test
   public void testDecodePackedDoubleList_negativeSize() {
-    assertThrows(
-        InvalidProtocolBufferException.class,
-        () ->
-            ArrayDecoders.decodePackedDoubleList(
-                packedSizeBytesNoTag(-1), 0, new DoubleArrayList(), registers));
+    InvalidProtocolBufferException e =
+        assertThrows(
+            InvalidProtocolBufferException.class,
+            () ->
+                ArrayDecoders.decodePackedDoubleList(
+                    packedSizeBytesNoTag(-1), 0, new DoubleArrayList(), registers));
+    assertThat(e).hasMessageThat().contains("negative size");
   }
 
   @Test
   public void testDecodePackedBoolList_negativeSize() {
-    assertThrows(
-        InvalidProtocolBufferException.class,
-        () ->
-            ArrayDecoders.decodePackedBoolList(
-                packedSizeBytesNoTag(-1), 0, new BooleanArrayList(), registers));
+    InvalidProtocolBufferException e =
+        assertThrows(
+            InvalidProtocolBufferException.class,
+            () ->
+                ArrayDecoders.decodePackedBoolList(
+                    packedSizeBytesNoTag(-1), 0, new BooleanArrayList(), registers));
+    assertThat(e).hasMessageThat().contains("negative size");
   }
 
   @Test
   public void testDecodePackedSInt32List_negativeSize() {
-    assertThrows(
-        InvalidProtocolBufferException.class,
-        () ->
-            ArrayDecoders.decodePackedSInt32List(
-                packedSizeBytesNoTag(-1), 0, new IntArrayList(), registers));
+    InvalidProtocolBufferException e =
+        assertThrows(
+            InvalidProtocolBufferException.class,
+            () ->
+                ArrayDecoders.decodePackedSInt32List(
+                    packedSizeBytesNoTag(-1), 0, new IntArrayList(), registers));
+    assertThat(e).hasMessageThat().contains("negative size");
   }
 
   @Test
   public void testDecodePackedSInt64List_negativeSize() {
-    assertThrows(
-        InvalidProtocolBufferException.class,
-        () ->
-            ArrayDecoders.decodePackedSInt64List(
-                packedSizeBytesNoTag(-1), 0, new LongArrayList(), registers));
+    InvalidProtocolBufferException e =
+        assertThrows(
+            InvalidProtocolBufferException.class,
+            () ->
+                ArrayDecoders.decodePackedSInt64List(
+                    packedSizeBytesNoTag(-1), 0, new LongArrayList(), registers));
+    assertThat(e).hasMessageThat().contains("negative size");
   }
 
   @Test