Buildpack module does not validate long-to-int casts#50382

Merged
philwebb merged 1 commit into spring-projects:3.5.x from SebTardif:fix/buildpack-integer-overflow-guards on May 12, 2026

Conversation

@SebTardif

Contributor

Add explicit size checks before casting long values to int in two locations in the buildpack module where external data (file sizes, Docker stream headers) could exceed Integer.MAX_VALUE.

Content.of(File): file.length() returns long but was cast to int without validation. Files larger than 2GB would silently produce incorrect (possibly negative) size values, corrupting tar entry headers. Now throws IllegalStateException with the actual file size in the message.

LogUpdateEvent.read(): The size parameter is parsed from a Docker multiplexed stream header (4 unsigned bytes, max ~4GB). Values exceeding Integer.MAX_VALUE would cause NegativeArraySizeException when allocating the byte array. Now throws IllegalStateException with the actual byte count. The error is caught by readAll() and forwarded as a STD_ERR log event, matching the existing error handling pattern.

Both assertions use the lambda-with-formatted-value pattern already established by StreamType.forId() in the same file. Tests added for both overflow paths.
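As an added illustration (not the PR's or Spring Boot's own code), the following parses a constructed Docker multiplexed stream header, shows the wrapped value an unchecked `(int)` cast produces, and applies the kind of guard the PR describes; the same check covers the `file.length()` case. Class and method names are assumed for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

// Added example, not Spring Boot's own code: demonstrates the unchecked
// long-to-int cast the PR guards against and the check that replaces it.
public class DockerFrameSizeGuard {
    // Docker multiplexed stream header: 1 byte stream type, 3 zero bytes,
    // then a 4-byte big-endian unsigned frame size (so up to ~4 GB).
    static long readFrameSize(InputStream in) throws IOException {
        byte[] header = in.readNBytes(8);
        if (header.length < 8) {
            throw new IOException("truncated header");
        }
        return ((header[4] & 0xFFL) << 24) | ((header[5] & 0xFFL) << 16)
                | ((header[6] & 0xFFL) << 8) | (header[7] & 0xFFL);
    }

    // Pre-fix behaviour: a size above Integer.MAX_VALUE wraps to a negative
    // int, and the allocation throws NegativeArraySizeException.
    static byte[] allocateUnchecked(long size) {
        return new byte[(int) size];
    }

    // What the PR adds: reject anything that does not fit in an int and
    // report the real value instead of silently truncating it.
    static byte[] allocateGuarded(long size) {
        if (size < 0 || size > Integer.MAX_VALUE) {
            throw new IllegalStateException("Frame size " + size + " exceeds Integer.MAX_VALUE");
        }
        return new byte[(int) size];
    }

    public static void main(String[] args) throws IOException {
        // Constructed header: stream type 1 (stdout) with size 0xFFFFFFFF.
        byte[] oversized = {1, 0, 0, 0, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
        long size = readFrameSize(new ByteArrayInputStream(oversized));
        System.out.println("declared size " + size + ", after (int) cast " + (int) size);
        try {
            allocateUnchecked(size);
        } catch (NegativeArraySizeException ex) {
            System.out.println("unchecked cast: " + ex);
        }
        try {
            allocateGuarded(size);
        } catch (IllegalStateException ex) {
            System.out.println("guard: " + ex.getMessage());
        }
    }
}
```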

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 10, 2026
@wilkinsona wilkinsona added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels May 10, 2026
@wilkinsona wilkinsona added this to the 3.5.x milestone May 10, 2026
Add explicit size checks before casting long values to int in
Content.of(File) and LogUpdateEvent.read() to prevent silent data
corruption or NegativeArraySizeException when processing large files
or malformed Docker stream data.

See spring-projectsgh-50382

Signed-off-by: Sebastien Tardif <[email protected]>
@philwebb philwebb changed the base branch from main to 3.5.x May 12, 2026 18:46
@philwebb philwebb force-pushed the fix/buildpack-integer-overflow-guards branch from 4de08cf to f318c93 May 12, 2026 18:47
@philwebb philwebb modified the milestones: 3.5.x, 3.5.15 May 12, 2026
@philwebb philwebb merged commit f6ef0c1 into spring-projects:3.5.x May 12, 2026
4 checks passed
@philwebb

Member

Thanks @SebTardif!
