From 14a71d02102bc5365398ff388cee065eb99ce141 Mon Sep 17 00:00:00 2001 From: Ceki Gulcu Date: Mon, 27 Nov 2023 10:57:58 +0100 Subject: [PATCH] cater for array size marked with -1 Signed-off-by: Ceki Gulcu --- .../main/java/ch/qos/logback/classic/spi/LoggingEventVO.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logback-classic/src/main/java/ch/qos/logback/classic/spi/LoggingEventVO.java b/logback-classic/src/main/java/ch/qos/logback/classic/spi/LoggingEventVO.java index 4d3e2da0f0..26f4f5cc13 100644 --- a/logback-classic/src/main/java/ch/qos/logback/classic/spi/LoggingEventVO.java +++ b/logback-classic/src/main/java/ch/qos/logback/classic/spi/LoggingEventVO.java @@ -208,7 +208,7 @@ private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundE int argArrayLen = in.readInt(); // Prevent DOS attacks via large or negative arrays - if (argArrayLen < 0 || argArrayLen > ARGUMENT_ARRAY_DESERIALIZATION_LIMIT) { + if (argArrayLen < NULL_ARGUMENT_ARRAY || argArrayLen > ARGUMENT_ARRAY_DESERIALIZATION_LIMIT) { throw new InvalidObjectException("Argument array length is invalid: " + argArrayLen); }