Avoid presizing arrays.

RELNOTES=Fixed Denial of Service vulnerability for servers that use Guava and deserialize attacker data: [CVE-2018-10237](https://github.com/google/guava/wiki/CVE-2018-10237). ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=194113840
google · Apr 25, 2018 · f89ece5 · f89ece5
1 parent 5d8209c
commit f89ece5
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 11 deletions.
diff --git a/android/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java b/android/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java
@@ -17,6 +17,7 @@
 import static java.lang.Double.longBitsToDouble;
 
 import com.google.common.annotations.GwtIncompatible;
+import com.google.common.primitives.ImmutableLongArray;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import java.util.concurrent.atomic.AtomicLongArray;
 
@@ -247,13 +248,11 @@ private void readObject(java.io.ObjectInputStream s)
       throws java.io.IOException, ClassNotFoundException {
     s.defaultReadObject();
 
-    // Read in array length and allocate array
     int length = s.readInt();
-    this.longs = new AtomicLongArray(length);
-
-    // Read in all elements in the proper order.
+    ImmutableLongArray.Builder builder = ImmutableLongArray.builder();
     for (int i = 0; i < length; i++) {
-      set(i, s.readDouble());
+      builder.add(doubleToRawLongBits(s.readDouble()));
     }
+    this.longs = new AtomicLongArray(builder.build().toArray());
   }
 }
diff --git a/guava-gwt/src/com/google/common/collect/CompoundOrdering_CustomFieldSerializer.java b/guava-gwt/src/com/google/common/collect/CompoundOrdering_CustomFieldSerializer.java
@@ -36,7 +36,7 @@ public static void deserialize(SerializationStreamReader reader, CompoundOrderin
   public static CompoundOrdering<Object> instantiate(SerializationStreamReader reader)
       throws SerializationException {
     int n = reader.readInt();
-    List<Comparator<Object>> comparators = new ArrayList<>(n);
+    List<Comparator<Object>> comparators = new ArrayList<>();
     for (int i = 0; i < n; i++) {
       comparators.add((Comparator<Object>) reader.readObject());
     }

diff --git a/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java b/guava/src/com/google/common/util/concurrent/AtomicDoubleArray.java
@@ -17,6 +17,7 @@
 import static java.lang.Double.longBitsToDouble;
 
 import com.google.common.annotations.GwtIncompatible;
+import com.google.common.primitives.ImmutableLongArray;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import java.util.concurrent.atomic.AtomicLongArray;
 
@@ -247,13 +248,11 @@ private void readObject(java.io.ObjectInputStream s)
       throws java.io.IOException, ClassNotFoundException {
     s.defaultReadObject();
 
-    // Read in array length and allocate array
     int length = s.readInt();
-    this.longs = new AtomicLongArray(length);
-
-    // Read in all elements in the proper order.
+    ImmutableLongArray.Builder builder = ImmutableLongArray.builder();
     for (int i = 0; i < length; i++) {
-      set(i, s.readDouble());
+      builder.add(doubleToRawLongBits(s.readDouble()));
     }
+    this.longs = new AtomicLongArray(builder.build().toArray());
   }
 }