#542: Add a warning note for the usage of MessageUnpacker.readPayloadAsReference by xerial · Pull Request #546

#542: Add a warning note for the usage of MessageUnpacker.readPayloadAsReference by xerial · Pull Request #546 · msgpack/msgpack-java

Merged

xerial merged 1 commit intomsgpack:developfrom

xerial:fix-buffer-access

Feb 15, 2021

Merged

#542: Add a warning note for the usage of MessageUnpacker.readPayloadAsReference#546
xerial merged 1 commit intomsgpack:developfrom
xerial:fix-buffer-access

Conversation

Copy link Copy Markdown

Member

xerial commented
Feb 14, 2021

No description provided.

msgpack#542: Add a warning note for the usage of MessageUnpacker.read…

367fd7b

…PayloadAsReference

xerial mentioned this pull request

Feb 14, 2021

MessageBuffer allows unsafe out-of-bounds reads and writes #542

Open

xerial requested a review from komamitsu

February 14, 2021 22:16

komamitsu approved these changes Feb 15, 2021

View reviewed changes

Copy link Copy Markdown

Member

komamitsu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The user of this method can know the buffer length encoded in the header. Even with a wrong length in header encoded by an attacker, it should be safe as long as the user of this method implements safely.

xerial merged commit 4976b7f into msgpack:develop

Feb 15, 2021

Labels

None yet

Navigation Menu

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

#542: Add a warning note for the usage of MessageUnpacker.readPayloadAsReference#546
xerial merged 1 commit intomsgpack:developfrom
xerial:fix-buffer-access