fix: Improve bounds checking on integer conversions (#8619)

This change improves the handling of values which could cause int32 values of over/underflow leading to undefined behavior.

TRI-557

Author: whoisj

src/http_server.cc

@@ -603,17 +603,19 @@ ReadDataFromJsonHelper(
         break;
       }
       case TRITONSERVER_TYPE_BYTES: {
-        const char* cstr;
-        size_t len = 0;
+        const char* cstr{nullptr};
+        size_t len{0};
         RETURN_IF_ERR(tensor_data.AsString(&cstr, &len));
-        // Quick sanity check to ensure we don't write beyond `expected_cnt`.
-        int32_t actual_cnt = *counter + len + sizeof(uint32_t);
-        if (actual_cnt < 0) {
+        if (len > INT64_MAX) {
           return TRITONSERVER_ErrorNew(
               TRITONSERVER_ERROR_INTERNAL,
-              "Unable to parse 'data' field: string length is negative");
+              "Tensor size is too large to be processed");
         }
-        if (static_cast<int64_t>(actual_cnt) > expected_cnt) {
+        // Quick sanity check to ensure we don't write beyond `expected_cnt`.
+        int64_t actual_cnt = static_cast<int64_t>(*counter) +
+                             static_cast<int64_t>(len) +
+                             static_cast<int64_t>(sizeof(uint32_t));
+        if (actual_cnt < 0 || actual_cnt > expected_cnt) {
           return TRITONSERVER_ErrorNew(
               TRITONSERVER_ERROR_INTERNAL,
               "Shape does not match true shape of 'data' field");