Skip to content

Commit

Permalink
cater for array size marked with -1
Browse files Browse the repository at this point in the history 
Signed-off-by: Ceki Gulcu <ceki@qos.ch>
  • Loading branch information
@ceki
ceki committed Nov 27, 2023
1 parent b8eac23 commit 14a71d0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion logback-classic/src/main/java/ch/qos/logback/classic/spi/LoggingEventVO.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@ private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundE
int argArrayLen = in.readInt();

// Prevent DOS attacks via large or negative arrays
if (argArrayLen < 0 || argArrayLen > ARGUMENT_ARRAY_DESERIALIZATION_LIMIT) {
if (argArrayLen < NULL_ARGUMENT_ARRAY || argArrayLen > ARGUMENT_ARRAY_DESERIALIZATION_LIMIT) {
throw new InvalidObjectException("Argument array length is invalid: " + argArrayLen);
}

Expand Down

0 comments on commit 14a71d0

Please sign in to comment.