Comments (6)
correct : if (buf == null || buf.length < len || len - off < 20)
This is incorrect. The following values satisfy the condition, and they shouldn't (the described buffer is valid and should be accepted):
buffer.length = 1000
len = 500
off = 500
The existing code handles this correctly.
from ice4j.
The bytes available are buf[j]
for off <= j < len
. Thus len - off
is the number of bytes available, len + off
is immaterial.
If len == off
(like in the example, which describes a buffer which should be rejected, since no byte is available), buf[off]
and the following bytes are out-of-range. This is not caught by the current error condition (line 166).
For the two calls of the method org.ice4j.ice.harvest.AbstractUdpListener.getUfrag(byte[] buf, int off, int len)
in question, the following two conditions always hold:
len <= buf.length
off == 0
The first condition is reasonable, since the underlying Buffer
may come from a pool, and have space for more more than the len
bytes actually used.
The second condition shows that off
could be removed entirely from the method arguments; otherwise, 0 <= off <= len
is a sensible assumption.
Message.decode(...)
is called in the method in question, and requires 20
bytes to be available, i.e. buf[off], buf[off+1], ..., buf[off + 19]
; thus off + 19 < len
must be ensured, which is 20 <= len - off
.
Hence the following condition must be ensured: buf != null && len <= buf.length && 20 <= len - off
. I confirm thus that the correct error condition (line 166) is, as the logical negation: buf == null || buf.length < len || len - off < 20
.
Note that the correct error condition and the current error condition agree if off == 0
, as is always the case for now. Also note that len - off < 20
is preferred over len < off + 20
, because off + 20
may wrap around and thus be negative.
from ice4j.
@bgrozev You may consider re-opining this issue.
from ice4j.
@flurbi I really like your analysis, however I think your assumptions are wrong.
The bytes available are buf[j] for off <= j < len. Thus len - off is the number of bytes available, len + off is immaterial.
The bytes available are buf[j] for off <= j < off + len because, by design, the number of bytes that are available in the buffer is len
and they start at off
.
from ice4j.
Sorry, I misinterpreted off
, which is always 0
anyway. So perhaps off
can be removed? Or otherwise putting your explanation into a one-line comment may help the next reviewer (I had the assignment to review some libraries we use). Also note that buf.length < off + len
may involve (theoretically at least) an overflow, a reason for using buf.length - len < off
instead.
from ice4j.
In this case 'off' is always 0 and could be removed, but we use this pattern throughout the code, and I think it's pretty standard (e.g. the java DatagramPacket/DatagramSocket interfaces use it), so I don't see it as a problem. If you want to open a PR with improved documentation that would be welcome.
from ice4j.
Related Issues (20)
- Using ice4j behind NLB in a VPC at AWS (Kubernetes) HOT 13
- NullPointerException with multiple network interfaces and NAT HOT 20
- Question: Is NOMINATE_BEST_RTT implemented? HOT 2
- ice4j unmaintained on Maven repo HOT 8
- ConcurrentModificationException HOT 2
- I can't manage to make org.ice4j.ice.harvest.DISABLE_LINK_LOCAL_ADDRESSES work HOT 2
- NullPointerException in MergingDatagraSocket HOT 3
- Java project can't import classes from 3.0-26-gf176d02 HOT 3
- QUESTION: How to connect faster? HOT 1
- Java 17: issues with classes in org.ice4j.socket.jdk8 HOT 3
- TURN(S) TCP support in ice4j HOT 7
- PseudoTcpSocket input stream doesn't support readNBytes
- Random instances of websocket disconnects in jitsi
- ice4j 3.0 does not generate the IPv4 srflx candidate when android device APN is set to IPv4/IPv6 HOT 3
- ice4j 3.0 cannot support video content-add when initial call starts with audio only HOT 2
- Contradicting candidate preferences HOT 1
- Add support of multiple streams with the same media type. HOT 6
- Parsing a Session Description on Android causes a NullPointerException. HOT 7
- unresolved address error while harvesting STUN candidates HOT 3
- Remove all mailinglist dead links HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ice4j.