diff --git a/artemis-commons/src/main/java/org/apache/activemq/artemis/api/core/SimpleString.java b/artemis-commons/src/main/java/org/apache/activemq/artemis/api/core/SimpleString.java index e8530e6715..79909c7acc 100644 --- a/artemis-commons/src/main/java/org/apache/activemq/artemis/api/core/SimpleString.java +++ b/artemis-commons/src/main/java/org/apache/activemq/artemis/api/core/SimpleString.java @@ -146,6 +146,9 @@ public final class SimpleString implements CharSequence, Serializable, Comparabl public static SimpleString readSimpleString(ByteBuf buffer) { int len = buffer.readInt(); + if (len > buffer.readableBytes()) { + throw new IndexOutOfBoundsException(); + } byte[] data = new byte[len]; buffer.readBytes(data); return new SimpleString(data); diff --git a/artemis-commons/src/test/java/org/apache/activemq/artemis/utils/SimpleStringTest.java b/artemis-commons/src/test/java/org/apache/activemq/artemis/utils/SimpleStringTest.java new file mode 100644 index 0000000000..0498cab8a9 --- /dev/null +++ b/artemis-commons/src/test/java/org/apache/activemq/artemis/utils/SimpleStringTest.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.utils; + +import io.netty.buffer.ByteBuf; +import io.netty.buffer.ByteBufAllocator; +import org.apache.activemq.artemis.api.core.SimpleString; +import org.junit.Test; + +import static org.junit.Assert.assertTrue; + +public class SimpleStringTest { + + @Test + public void testOutOfBoundsThrownOnMalformedString() { + ByteBuf byteBuffer = ByteBufAllocator.DEFAULT.buffer(5); + byteBuffer.writeInt(100); + + Exception e = null; + try { + SimpleString.readSimpleString(byteBuffer); + } catch (IndexOutOfBoundsException iob) { + e = iob; + } + assertTrue(e instanceof IndexOutOfBoundsException); + } +}