Avoid integer overflow in MemoryBIO

Author: msimacek

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/MemoryBIO.java

@@ -42,6 +42,7 @@
 
 import java.nio.ByteBuffer;
 
+import com.oracle.graal.python.util.OverflowException;
 import com.oracle.graal.python.util.PythonUtils;
 
 /**
@@ -103,11 +104,11 @@ public void applyWrite(ByteBuffer buffer) {
      * 
      * @param capacity Required capacity in bytes
      */
-    public void ensureWriteCapacity(int capacity) {
+    public void ensureWriteCapacity(int capacity) throws OverflowException {
         if (bytes.length - writePosition < capacity) {
             int pending = getPending();
             if (bytes.length - pending < capacity) {
-                byte[] newBytes = new byte[capacity + pending];
+                byte[] newBytes = new byte[PythonUtils.addExact(capacity, pending)];
                 PythonUtils.arraycopy(bytes, readPosition, newBytes, 0, pending);
                 bytes = newBytes;
             } else {
@@ -138,7 +139,7 @@ public byte[] read(int length) {
      * @param from Data to be written
      * @param length Lenght of data to be written
      */
-    public void write(byte[] from, int length) {
+    public void write(byte[] from, int length) throws OverflowException {
         ensureWriteCapacity(length);
         PythonUtils.arraycopy(from, 0, bytes, writePosition, Math.min(length, from.length));
         writePosition += length;

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/MemoryBIOBuiltins.java

@@ -40,6 +40,7 @@
  */
 package com.oracle.graal.python.builtins.objects.ssl;
 
+import static com.oracle.graal.python.builtins.PythonBuiltinClassType.MemoryError;
 import static com.oracle.graal.python.builtins.PythonBuiltinClassType.SSLError;
 import static com.oracle.graal.python.builtins.PythonBuiltinClassType.TypeError;
 
@@ -59,6 +60,7 @@
 import com.oracle.graal.python.nodes.function.builtins.PythonBinaryClinicBuiltinNode;
 import com.oracle.graal.python.nodes.function.builtins.PythonUnaryBuiltinNode;
 import com.oracle.graal.python.nodes.function.builtins.clinic.ArgumentClinicProvider;
+import com.oracle.graal.python.util.OverflowException;
 import com.oracle.truffle.api.CompilerDirectives;
 import com.oracle.truffle.api.dsl.Fallback;
 import com.oracle.truffle.api.dsl.GenerateNodeFactory;
@@ -131,6 +133,8 @@ int write(PMemoryBIO self, Object buffer,
                 int len = lib.getBufferLength(buffer);
                 self.getBio().write(bytes, len);
                 return len;
+            } catch (OverflowException e) {
+                throw raise(MemoryError);
             } catch (UnsupportedMessageException e) {
                 throw CompilerDirectives.shouldNotReachHere();
             }

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/SSLEngineHelper.java

@@ -40,6 +40,7 @@
  */
 package com.oracle.graal.python.builtins.objects.ssl;
 
+import static com.oracle.graal.python.builtins.PythonBuiltinClassType.MemoryError;
 import static com.oracle.graal.python.builtins.PythonBuiltinClassType.OSError;
 
 import java.io.IOException;
@@ -57,7 +58,9 @@
 import com.oracle.graal.python.builtins.objects.socket.SocketUtils.TimeoutHelper;
 import com.oracle.graal.python.nodes.ErrorMessages;
 import com.oracle.graal.python.nodes.PNodeWithRaise;
+import com.oracle.graal.python.nodes.PRaiseNode;
 import com.oracle.graal.python.runtime.exception.PException;
+import com.oracle.graal.python.util.OverflowException;
 import com.oracle.truffle.api.CompilerDirectives;
 import com.oracle.truffle.api.CompilerDirectives.TruffleBoundary;
 
@@ -308,13 +311,14 @@ private static void loop(PNodeWithRaise node, PSSLSocket socket, ByteBuffer appI
         } catch (IOException e) {
             // TODO better error handling, distinguish SSL errors and socket errors
             throw PRaiseSSLErrorNode.raiseUncached(node, SSLErrorCode.ERROR_SYSCALL, e.toString());
+        } catch (OverflowException | OutOfMemoryError e) {
+            throw PRaiseNode.raiseUncached(node, MemoryError);
         }
         // TODO handle other socket errors (NotYetConnected)
-        // TODO handle OOM
     }
 
     private static SSLEngineResult doUnwrap(SSLEngine engine, MemoryBIO networkInboundBIO, ByteBuffer targetBuffer, MemoryBIO applicationInboundBIO, boolean writeDirectlyToTarget)
-                    throws SSLException {
+                    throws SSLException, OverflowException {
         ByteBuffer readBuffer = networkInboundBIO.getBufferForReading();
         try {
             if (writeDirectlyToTarget) {
@@ -334,7 +338,7 @@ private static SSLEngineResult doUnwrap(SSLEngine engine, MemoryBIO networkInbou
         }
     }
 
-    private static SSLEngineResult doWrap(SSLEngine engine, ByteBuffer appInput, MemoryBIO networkOutboundBIO, int netBufferSize) throws SSLException {
+    private static SSLEngineResult doWrap(SSLEngine engine, ByteBuffer appInput, MemoryBIO networkOutboundBIO, int netBufferSize) throws SSLException, OverflowException {
         networkOutboundBIO.ensureWriteCapacity(netBufferSize);
         ByteBuffer writeBuffer = networkOutboundBIO.getBufferForWriting();
         try {
@@ -351,7 +355,7 @@ private static PException handleSSLException(PNodeWithRaise node, SSLException e
         throw PRaiseSSLErrorNode.raiseUncached(node, SSLErrorCode.ERROR_SSL, e.toString());
     }
 
-    private static int obtainMoreInput(PNodeWithRaise node, SSLEngine engine, MemoryBIO networkInboundBIO, PSocket socket, TimeoutHelper timeoutHelper) throws IOException {
+    private static int obtainMoreInput(PNodeWithRaise node, SSLEngine engine, MemoryBIO networkInboundBIO, PSocket socket, TimeoutHelper timeoutHelper) throws IOException, OverflowException {
         if (socket != null) {
             if (socket.getSocket() == null) {
                 // TODO use raiseOsError with ENOTCONN