cater for array size marked with -1

ceki · ceki · commit 14a71d02102b · 2023-11-27T11:03:01.000+01:00
Signed-off-by: Ceki Gulcu &lt;ceki@qos.ch&gt;
diff --git a/logback-classic/src/main/java/ch/qos/logback/classic/spi/LoggingEventVO.java b/logback-classic/src/main/java/ch/qos/logback/classic/spi/LoggingEventVO.java
@@ -208,7 +208,7 @@ private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundE
         int argArrayLen = in.readInt();
 
         // Prevent DOS attacks via large or negative arrays
-        if (argArrayLen < 0 || argArrayLen > ARGUMENT_ARRAY_DESERIALIZATION_LIMIT) {
+        if (argArrayLen < NULL_ARGUMENT_ARRAY || argArrayLen > ARGUMENT_ARRAY_DESERIALIZATION_LIMIT) {
             throw new InvalidObjectException("Argument array length is invalid: " + argArrayLen);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -208,7 +208,7 @@ private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundE`
`208`	`208`	`int argArrayLen = in.readInt();`
`209`	`209`
`210`	`210`	`// Prevent DOS attacks via large or negative arrays`
`211`		`- if (argArrayLen < 0 \|\| argArrayLen > ARGUMENT_ARRAY_DESERIALIZATION_LIMIT) {`
	`211`	`+ if (argArrayLen < NULL_ARGUMENT_ARRAY \|\| argArrayLen > ARGUMENT_ARRAY_DESERIALIZATION_LIMIT) {`
`212`	`212`	`throw new InvalidObjectException("Argument array length is invalid: " + argArrayLen);`
`213`	`213`	`}`
`214`	`214`