Merge pull request from GHSA-pqr6-cmr2-h8hf

* Fixed integer overflow by checking if multiplication result is smaller than original value

* Fixed integer overflow by checking if multiplication result is smaller than original value

* Fixed integer overflow by checking if multiplication result is smaller than original value

* imporved error messages and added happy and sad cases for unit test in SnappyTest.java

* switched SnappyError into ILLEGAL_ARGUMENT in SnappyErrorCode.java and Snappy.java

* wrote new and updated unit test methods

* updated comments in SnappyTest.java

* Fixed and updated unit tests in SnappyTest.java

Author: aidancch

src/main/java/org/xerial/snappy/BitShuffle.java

@@ -91,6 +91,9 @@ public static int shuffle(ByteBuffer input, BitShuffleType type, ByteBuffer shuf
      * @throws IOException
      */
     public static byte[] shuffle(short[] input) throws IOException {
+        if (input.length * 2 < input.length) {
+            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
+        }
         byte[] output = new byte[input.length * 2];
         int numProcessed = impl.shuffle(input, 0, 2, input.length * 2, output, 0);
         assert(numProcessed == input.length * 2);
@@ -105,6 +108,9 @@ public static byte[] shuffle(short[] input) throws IOException {
      * @throws IOException
      */
     public static byte[] shuffle(int[] input) throws IOException {
+        if (input.length * 4 < input.length) {
+            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
+        }
         byte[] output = new byte[input.length * 4];
         int numProcessed = impl.shuffle(input, 0, 4, input.length * 4, output, 0);
         assert(numProcessed == input.length * 4);
@@ -119,6 +125,9 @@ public static byte[] shuffle(int[] input) throws IOException {
      * @throws IOException
      */
     public static byte[] shuffle(long[] input) throws IOException {
+        if (input.length * 8 < input.length) {
+            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
+        }
         byte[] output = new byte[input.length * 8];
         int numProcessed = impl.shuffle(input, 0, 8, input.length * 8, output, 0);
         assert(numProcessed == input.length * 8);
@@ -133,6 +142,9 @@ public static byte[] shuffle(long[] input) throws IOException {
      * @throws IOException
      */
     public static byte[] shuffle(float[] input) throws IOException {
+        if (input.length * 4 < input.length) {
+            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
+        }
         byte[] output = new byte[input.length * 4];
         int numProcessed = impl.shuffle(input, 0, 4, input.length * 4, output, 0);
         assert(numProcessed == input.length * 4);
@@ -147,6 +159,9 @@ public static byte[] shuffle(float[] input) throws IOException {
      * @throws IOException
      */
     public static byte[] shuffle(double[] input) throws IOException {
+        if (input.length * 8 < input.length) {
+            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
+        }
         byte[] output = new byte[input.length * 8];
         int numProcessed = impl.shuffle(input, 0, 8, input.length * 8, output, 0);
         assert(numProcessed == input.length * 8);

src/main/java/org/xerial/snappy/SnappyErrorCode.java

@@ -42,7 +42,8 @@ public enum SnappyErrorCode
     EMPTY_INPUT(6),
     INCOMPATIBLE_VERSION(7),
     INVALID_CHUNK_SIZE(8),
-    UNSUPPORTED_PLATFORM(9);
+    UNSUPPORTED_PLATFORM(9),
+    TOO_LARGE_INPUT(10);
 
     public final int id;
 

src/test/java/org/xerial/snappy/SnappyTest.java

@@ -329,4 +329,62 @@ public void isValidCompressedData()
             _logger.debug(e);
         }
     }
+
+    /*
+    Tests happy cases for BitShuffle.shuffle method
+    - double: 0, 10
+    - float: 0, 10
+    - int: 0, 10
+    - long: 0, 10
+    - short: 0, 10
+     */
+    @Test
+    public void isValidArrayInputLengthForBitShuffleShuffle()
+            throws Exception
+    {
+        byte[] b = BitShuffle.shuffle(new double[0]);
+        byte[] c = BitShuffle.shuffle(new float[0]);
+        byte[] d = BitShuffle.shuffle(new int[0]);
+        byte[] e = BitShuffle.shuffle(new long[0]);
+        byte[] f = BitShuffle.shuffle(new short[0]);
+        byte[] n = BitShuffle.shuffle(new double[10]);
+        byte[] o = BitShuffle.shuffle(new float[10]);
+        byte[] p = BitShuffle.shuffle(new int[10]);
+        byte[] q = BitShuffle.shuffle(new long[10]);
+        byte[] r = BitShuffle.shuffle(new short[10]);
+    }
+
+    /*
+    Tests sad cases for BitShuffle.shuffle method
+    - Allocate a buffer whose byte size will be a bit larger than Integer.MAX_VALUE
+    - double: 8
+    - float: 4
+    - int: 4
+    - long: 8
+    - short: 2
+     */
+    @Test(expected = SnappyError.class)
+    public void isTooLargeDoubleArrayInputLengthForBitShuffleShuffle() throws Exception {
+        BitShuffle.shuffle(new double[Integer.MAX_VALUE / 8 + 1]);
+    }
+
+    @Test(expected = SnappyError.class)
+    public void isTooLargeFloatArrayInputLengthForBitShuffleShuffle() throws Exception {
+        BitShuffle.shuffle(new float[Integer.MAX_VALUE / 4 + 1]);
+    }
+
+    @Test(expected = SnappyError.class)
+    public void isTooLargeIntArrayInputLengthForBitShuffleShuffle() throws Exception {
+        BitShuffle.shuffle(new float[Integer.MAX_VALUE / 4 + 1]);
+    }
+
+    @Test(expected = SnappyError.class)
+    public void isTooLargeLongArrayInputLengthForBitShuffleShuffle() throws Exception {
+        BitShuffle.shuffle(new long[Integer.MAX_VALUE / 8 + 1]);
+    }
+
+    @Test(expected = SnappyError.class)
+    public void isTooLargeShortArrayInputLengthForBitShuffleShuffle() throws Exception {
+        BitShuffle.shuffle(new short[Integer.MAX_VALUE / 2 + 1]);
+    }
 }