From 7fdb2a9d4dac39b003469061d807602e765fc41d Mon Sep 17 00:00:00 2001
From: cpovirk <cpovirk@google.com>
Date: Tue, 24 Apr 2018 11:05:03 -0700
Subject: [PATCH] Avoid presizing arrays.
RELNOTES=Fixed Denial of Service vulnerability for servers that use Guava and deserialize attacker data: [CVE-2018-10237](https://github.com/google/guava/wiki/CVE-2018-10237).
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=194113840
---
.../google/common/util/concurrent/AtomicDoubleArray.java | 9 ++++-----
.../collect/CompoundOrdering_CustomFieldSerializer.java | 2 +-
.../google/common/util/concurrent/AtomicDoubleArray.java | 9 ++++-----
3 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/android/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java b/android/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java
index e066448..a364502 100644
--- a/android/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java
+++ b/android/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java
@@ -17,6 +17,7 @@ import static java.lang.Double.doubleToRawLongBits;
import static java.lang.Double.longBitsToDouble;
import com.google.common.annotations.GwtIncompatible;
+import com.google.common.primitives.ImmutableLongArray;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.util.concurrent.atomic.AtomicLongArray;
@@ -247,13 +248,11 @@ public class AtomicDoubleArray implements java.io.Serializable {
throws java.io.IOException, ClassNotFoundException {
s.defaultReadObject();
- // Read in array length and allocate array
int length = s.readInt();
- this.longs = new AtomicLongArray(length);
-
- // Read in all elements in the proper order.
+ ImmutableLongArray.Builder builder = ImmutableLongArray.builder();
for (int i = 0; i < length; i++) {
- set(i, s.readDouble());
+ builder.add(doubleToRawLongBits(s.readDouble()));
}
+ this.longs = new AtomicLongArray(builder.build().toArray());
}
}
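Review bot: A negative `length` from the stream is still accepted silently: the loop at `for (int i = 0; i < length; i++)` runs zero times and `longs` becomes an empty array, so a corrupt or hostile stream deserializes into a valid-looking object instead of failing. Rejecting it up front with `if (length < 0) { throw new java.io.InvalidObjectException("negative length: " + length); }` right after `int length = s.readInt();` keeps the fix's property that work stays proportional to bytes actually read, while making malformed input fail loudly. The removed "Read in array length and allocate array" comment should be replaced by one that explains why the builder is used instead of `new AtomicLongArray(length)`, e.g. `// Do not presize from length: it is attacker-controlled (CVE-2018-10237); grow as elements are actually read.`, otherwise a later cleanup may reintroduce the presize. The same two points apply to the identical hunk in guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java. The signature of readObject lies above the start of this hunk.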
diff --git a/guava-gwt/src/com/google/common/collect/CompoundOrdering_CustomFieldSerializer.java b/guava-gwt/src/com/google/common/collect/CompoundOrdering_CustomFieldSerializer.java
index 33b60f2..527c265 100644
--- a/guava-gwt/src/com/google/common/collect/CompoundOrdering_CustomFieldSerializer.java
+++ b/guava-gwt/src/com/google/common/collect/CompoundOrdering_CustomFieldSerializer.java
@@ -36,7 +36,7 @@ public class CompoundOrdering_CustomFieldSerializer {
public static CompoundOrdering<Object> instantiate(SerializationStreamReader reader)
throws SerializationException {
int n = reader.readInt();
- List<Comparator<Object>> comparators = new ArrayList<>(n);
+ List<Comparator<Object>> comparators = new ArrayList<>();
for (int i = 0; i < n; i++) {
comparators.add((Comparator<Object>) reader.readObject());
}
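Review bot: The switch to `new ArrayList<>()` carries no comment, so a later reader may "optimize" it back to `new ArrayList<>(n)` and undo the fix; a why-comment on the changed line, `// Not presized: n comes from the stream and is untrusted (CVE-2018-10237).`, would pin the intent. A negative `n` is also still accepted silently — the loop runs zero times and, presumably, an ordering over an empty comparator list is returned — so `if (n < 0) { throw new SerializationException("negative size: " + n); }` after `int n = reader.readInt();` would make a corrupt stream fail instead. The body of instantiate continues past the end of the hunk.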
diff --git a/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java b/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java
index e066448..a364502 100644
--- a/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java
+++ b/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java
@@ -17,6 +17,7 @@ import static java.lang.Double.doubleToRawLongBits;
import static java.lang.Double.longBitsToDouble;
import com.google.common.annotations.GwtIncompatible;
+import com.google.common.primitives.ImmutableLongArray;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.util.concurrent.atomic.AtomicLongArray;
@@ -247,13 +248,11 @@ public class AtomicDoubleArray implements java.io.Serializable {
throws java.io.IOException, ClassNotFoundException {
s.defaultReadObject();
- // Read in array length and allocate array
int length = s.readInt();
- this.longs = new AtomicLongArray(length);
-
- // Read in all elements in the proper order.
+ ImmutableLongArray.Builder builder = ImmutableLongArray.builder();
for (int i = 0; i < length; i++) {
- set(i, s.readDouble());
+ builder.add(doubleToRawLongBits(s.readDouble()));
}
+ this.longs = new AtomicLongArray(builder.build().toArray());
}
}
--
2.17.0