Affected version: 26.4.2 (confirmed still present in 26.5.1)
Component: com.arcadedb.serializer.JavaBinarySerializer
Summary
ObjectInput.read(byte[]) is allowed to return fewer than the array length; the documented "fill the buffer" method is readFully.
ArcadeDB calls in.read(array) and ignores the return.
Code
engine/com/arcadedb/serializer/JavaBinarySerializer.java:128–129
final byte[] array = new byte[propertySize];
in.read(array); // may return short
Impact
Short reads (rare but possible across compressed / networked inputs) produce garbage property bytes; the next property is read from the wrong offset, corrupting the whole record. Compounds with #9.
Suggested fix
in.readFully(array);
Affected version: 26.4.2 (confirmed still present in 26.5.1)
Component:
com.arcadedb.serializer.JavaBinarySerializerSummary
ObjectInput.read(byte[])is allowed to return fewer than the array length; the documented "fill the buffer" method isreadFully.ArcadeDB calls
in.read(array)and ignores the return.Code
engine/com/arcadedb/serializer/JavaBinarySerializer.java:128–129Impact
Short reads (rare but possible across compressed / networked inputs) produce garbage property bytes; the next property is read from the wrong offset, corrupting the whole record. Compounds with #9.
Suggested fix
in.readFully(array);