Netflix/hollow

Infinite CPU-consuming Loop in VarInt.readVLong/readVInt on truncated InputStream

alexlmikh opened this issue · 0 comments

VarInt read methods operating on InputStream and HollowBlobInput do not check for the end of stream (-1), resulting in an infinite CPU-consuming loop in case the input stream stops (truncated data, etc.) in the middle of the varint record (as (-1 & 0x80) == 128).

```java
// ...
while ((b & 0x80) != 0) {
    b = (byte) in.read(); // <-- End of stream (-1) check is missing here!
    value <<= 7;
    value |= (b & 0x7F);
}
// ...
```

https://github.com/Netflix/hollow/blame/c7f354dae4b251edee6e43aaab06c6c771131f17/hollow/src/main/java/com/netflix/hollow/core/memory/encoding/VarInt.java#L248

Proposed bugfix: #537
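
An added example (not code from the Hollow project or from the proposed fix) that runs the loop shape quoted in the issue against a constructed truncated input and contrasts it with a reader that checks for end of stream. The class name, method names, iteration cap and sample bytes are assumptions made for the demo, and the checked reader is a simplified sketch.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class VarIntEofDemo {

    // Loop shape from the issue, with a hypothetical iteration cap so the demo terminates.
    // Returns how many read() calls the loop made after the first byte.
    static int spinCount(InputStream in, int cap) throws IOException {
        byte b = (byte) in.read();
        int value = b & 0x7F;
        int reads = 0;
        while ((b & 0x80) != 0 && reads < cap) {
            b = (byte) in.read();   // at end of stream: -1 becomes (byte) 0xFF, continuation bit set
            value <<= 7;
            value |= (b & 0x7F);
            reads++;
        }
        return reads;
    }

    // Checked reader: keep read()'s int result so -1 (end of stream) is
    // distinguishable from a data byte of 0xFF before it is narrowed.
    static int readVIntChecked(InputStream in) throws IOException {
        int value = 0;
        while (true) {
            int r = in.read();
            if (r < 0) {
                throw new EOFException("stream ended inside a varint");
            }
            value = (value << 7) | (r & 0x7F);
            if ((r & 0x80) == 0) {
                return value;
            }
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] complete = {(byte) 0x82, 0x2C};  // constructed sample: 300 as two 7-bit groups
        byte[] truncated = {(byte) 0x82};       // constructed sample: same record cut after byte 1
        System.out.println("complete, checked: " + readVIntChecked(new ByteArrayInputStream(complete)));
        System.out.println("truncated, unchecked reads: "
                + spinCount(new ByteArrayInputStream(truncated), 1_000_000));
        try {
            readVIntChecked(new ByteArrayInputStream(truncated));
        } catch (EOFException e) {
            System.out.println("truncated, checked: rejected (" + e.getMessage() + ")");
        }
    }
}
```

On the truncated input the unchecked loop stops only because of the demo's cap, which is the behaviour the issue reports as an infinite loop when no cap exists.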