Fixes ByteArrayIndexInput::validatePos and adds UT (opensearch-projec…

…t#10551) * Prevent read beyond slice boundary in ByteArrayIndexInput Signed-off-by: Paras Jain <parasjaz@amazon.com> * Fix spotless errors Signed-off-by: Andrew Ross <andrross@amazon.com> --------- Signed-off-by: Paras Jain <parasjaz@amazon.com> Signed-off-by: Andrew Ross <andrross@amazon.com> Co-authored-by: Paras Jain <parasjaz@amazon.com> Co-authored-by: Andrew Ross <andrross@amazon.com>
rayshrey · Mar 18, 2024 · 67163ad · 67163ad
1 parent fd1474f
commit 67163ad
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -115,6 +115,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Fixed
 - Fix for deserilization bug in weighted round-robin metadata ([#11679](https://github.com/opensearch-project/OpenSearch/pull/11679))
 - Add a system property to configure YamlParser codepoint limits ([#12298](https://github.com/opensearch-project/OpenSearch/pull/12298))
+- Prevent read beyond slice boundary in ByteArrayIndexInput ([#10481](https://github.com/opensearch-project/OpenSearch/issues/10481))
 
 ### Security
 

diff --git a/server/src/main/java/org/opensearch/common/lucene/store/ByteArrayIndexInput.java b/server/src/main/java/org/opensearch/common/lucene/store/ByteArrayIndexInput.java
@@ -144,7 +144,7 @@ public long readLong(long pos) throws IOException {
     }
 
     private void validatePos(long pos, int len) throws EOFException {
-        if (pos < 0 || pos + len > length + offset) {
+        if (pos < 0 || pos + len > length) {
             throw new EOFException("seek past EOF");
         }
     }

diff --git a/server/src/test/java/org/opensearch/common/lucene/store/ByteArrayIndexInputTests.java b/server/src/test/java/org/opensearch/common/lucene/store/ByteArrayIndexInputTests.java
@@ -32,6 +32,8 @@
 
 package org.opensearch.common.lucene.store;
 
+import org.apache.lucene.store.IndexInput;
+
 import java.io.EOFException;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -153,4 +155,34 @@ public void testRandomAccessReads() throws IOException {
         // 10001001 00100101 10001001 00110000 11100111 00100100 10110001 00101110
         assertEquals(-8564288273245753042L, indexInput.readLong(1));
     }
+
+    public void testReadBytesWithSlice() throws IOException {
+        int inputLength = randomIntBetween(100, 1000);
+
+        byte[] input = randomUnicodeOfLength(inputLength).getBytes(StandardCharsets.UTF_8);
+        ByteArrayIndexInput indexInput = new ByteArrayIndexInput("test", input);
+
+        int sliceOffset = randomIntBetween(1, inputLength - 10);
+        int sliceLength = randomIntBetween(2, inputLength - sliceOffset);
+        IndexInput slice = indexInput.slice("slice", sliceOffset, sliceLength);
+
+        // read a byte from sliced index input and verify if the read value is correct
+        assertEquals(input[sliceOffset], slice.readByte());
+
+        // read few more bytes into a byte array
+        int bytesToRead = randomIntBetween(1, sliceLength - 1);
+        slice.readBytes(new byte[bytesToRead], 0, bytesToRead);
+
+        // now try to read beyond the boundary of the slice, but within the
+        // boundary of the original IndexInput. We've already read few bytes
+        // so this is expected to fail
+        assertThrows(EOFException.class, () -> slice.readBytes(new byte[sliceLength], 0, sliceLength));
+
+        // seek to EOF and then try to read
+        slice.seek(sliceLength);
+        assertThrows(EOFException.class, () -> slice.readBytes(new byte[1], 0, 1));
+
+        slice.close();
+        indexInput.close();
+    }
 }