Skip to content

Commit

Permalink
Fix #288
Browse files Browse the repository at this point in the history
  • Loading branch information
cowtowncoder committed Jul 2, 2021
1 parent 622c65b commit 3738654
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2697,6 +2697,11 @@ private final String _decodeShortName(int len) throws IOException

private final String _decodeLongerName(int len) throws IOException
{
// [dataformats-binary#288]: non-canonical length of 0 needs to be
// dealt with
if (len == 0) {
return "";
}
// Do we have enough buffered content to read?
if ((_inputEnd - _inputPtr) < len) {
// or if not, could we read?
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
package com.fasterxml.jackson.dataformat.cbor.fuzz;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.cbor.CBORTestBase;

public class Fuzz288_35750_NonCanonicalNameTest extends CBORTestBase
{
private final ObjectMapper MAPPER = cborMapper();

// [dataformats-binary#288]: non-canonical representation for length of 0
// causing ArrayOutOfBoundsException
public void testInvalidLongName() throws Exception
{
final byte[] input = new byte[] {
(byte) 0x8A,
(byte) 0xAD, 0x7A, 0x00,
0x00, 0x00, 0x00
};

try (JsonParser p = MAPPER.createParser(input)) {
assertToken(JsonToken.START_ARRAY, p.nextToken());
assertToken(JsonToken.START_OBJECT, p.nextToken());
assertToken(JsonToken.FIELD_NAME, p.nextToken());
}
}
}
1 change: 1 addition & 0 deletions release-notes/VERSION-2.x
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ Modules:
2.12.4 (not yet released)

#287: (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
#288: (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer)

2.12.3 (12-Apr-2021)

Expand Down

0 comments on commit 3738654

Please sign in to comment.