Integer Overflow or Wraparound
The snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 18.104.22.168, causing a fatal error. The function "shuffle(int input)" in the file "BitShuffle.java" receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled "shuffle" function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a "java.lang.NegativeArraySizeException" exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterward references the shuffled array will assume a bigger size of the array, which might cause exceptions such as "java.lang.ArrayIndexOutOfBoundsException". The same issue exists also when using the "shuffle" functions that receive a double, float, long, and short, each using a different multiplier that may cause the same issue.
CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.