From 86da8e471dd3c2b06d8dcf6cc9e6daff8074e52b Mon Sep 17 00:00:00 2001 From: Ivan Leskin Date: Tue, 15 Dec 2020 22:04:44 +0300 Subject: [PATCH 1/2] IO-429: Check for long streams in IOUtils.toByteArray Throw an IllegalArgumentException when an InputStream provided to IOUtils.toByteArray() is longer than Integer.MAX_VALUE bytes. Conversion of such long arrays is not possible, as arrays with long indices are forbidden by Java language specification. --- src/main/java/org/apache/commons/io/IOUtils.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/apache/commons/io/IOUtils.java b/src/main/java/org/apache/commons/io/IOUtils.java index 25c352827d0..bef6c7da7fb 100644 --- a/src/main/java/org/apache/commons/io/IOUtils.java +++ b/src/main/java/org/apache/commons/io/IOUtils.java @@ -2394,10 +2394,13 @@ public static BufferedReader toBufferedReader(final Reader reader, final int siz * @return the requested byte array. * @throws NullPointerException if the InputStream is {@code null}. * @throws IOException if an I/O error occurs. + * @throws IllegalArgumentException if input is longer than the maximum Java array length. */ public static byte[] toByteArray(final InputStream inputStream) throws IOException { try (final ByteArrayOutputStream output = new ByteArrayOutputStream()) { - copy(inputStream, output); + if (copy(inputStream, output) == -1) { + throw new IllegalArgumentException("Stream cannot be longer than Integer max value bytes"); + } return output.toByteArray(); } } From 12a78ee30f664c18aa09cfed61b1a7453faf407c Mon Sep 17 00:00:00 2001 From: Ivan Leskin Date: Thu, 13 May 2021 22:46:41 +0300 Subject: [PATCH 2/2] IO-429: Test case for IOUtils.toByteArray() with long InputStream Add a test case testToByteArray_InputStreamTooLong() to IOUtilsTestCase to test how InputStreams with more than Integer.MAX_VALUE bytes are processed by IOUtils.toByteArray(). --- src/test/java/org/apache/commons/io/IOUtilsTestCase.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/test/java/org/apache/commons/io/IOUtilsTestCase.java b/src/test/java/org/apache/commons/io/IOUtilsTestCase.java index 9b4d41eae58..e060ede0215 100644 --- a/src/test/java/org/apache/commons/io/IOUtilsTestCase.java +++ b/src/test/java/org/apache/commons/io/IOUtilsTestCase.java @@ -62,6 +62,7 @@ import java.util.List; import org.apache.commons.io.function.IOConsumer; +import org.apache.commons.io.input.CircularInputStream; import org.apache.commons.io.input.NullInputStream; import org.apache.commons.io.output.AppendableWriter; import org.apache.commons.io.output.NullOutputStream; @@ -1435,9 +1436,13 @@ public void testToByteArray_InputStream() throws Exception { } } + @Test public void testToByteArray_InputStreamTooLong() throws Exception { + CircularInputStream cin = new CircularInputStream(new byte[]{65, 65, 65}, ((long)Integer.MAX_VALUE) + 1L); + assertThrows(IllegalArgumentException.class, () -> IOUtils.toByteArray(cin)); + } + @Test public void testToByteArray_InputStream_NegativeSize() throws Exception { - try (FileInputStream fin = new FileInputStream(testFile)) { IOUtils.toByteArray(fin, -1); fail("IllegalArgumentException expected");