Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UTF8StreamJsonParser: fix byte to int conversion for malformed escapes #540

Closed
wants to merge 1 commit into from
Closed

UTF8StreamJsonParser: fix byte to int conversion for malformed escapes #540

wants to merge 1 commit into from

Conversation

alpire
Copy link

@alpire alpire commented Jun 21, 2019

This change ensures that the byte-to-int conversion results in a positive integer. Prior to this, the conversion could result to a negative integer when the byte was >= 0x80, which would lead to an ArrayIndexOutOfBoundsException when calling CharTypes.charToHex(ch).

The issue can be reproduced with the following snippet: factory.createParser(ObjectReadContext.empty(), "\"\\u\u0080\"".getBytes("UTF-8").nextToken().

Traceback:

java.lang.ArrayIndexOutOfBoundsException: -62
	at com.fasterxml.jackson.core.io.CharTypes.charToHex(CharTypes.java:213)
	at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._decodeEscaped(UTF8StreamJsonParser.java:3606)
	at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._skipString(UTF8StreamJsonParser.java:2888)
	at com.fasterxml.jackson.core.json.UTF8StreamJsonParser.nextToken(UTF8StreamJsonParser.java:685)

I'd be happy to add this testcase to the tests if you point me to the right test file.

@alpire
UTF8StreamJsonParser: fix byte to int conversion
2bd0d28 
This change ensures that the byte-to-int conversion results in a positive integer. Prior to this, the conversion could result to a negative integer when the byte was >= 0x80, which would lead to an ArrayIndexOutOfBoundsException when calling CharTypes.charToHex(ch).

The issue could be reproduced with the following snippet: `factory.createParser(ObjectReadContext.empty(), "\"\\u\u0080\"".getBytes("UTF-8").nextToken()`.

Traceback:
```
java.lang.ArrayIndexOutOfBoundsException: -62
	at com.fasterxml.jackson.core.io.CharTypes.charToHex(CharTypes.java:213)
	at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._decodeEscaped(UTF8StreamJsonParser.java:3606)
	at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._skipString(UTF8StreamJsonParser.java:2888)
	at com.fasterxml.jackson.core.json.UTF8StreamJsonParser.nextToken(UTF8StreamJsonParser.java:685)
```
@cowtowncoder
Copy link
Member

Looks legit, thank you for reporting this, contributing patch!

Due to long list of open issues (plus my vacation later this week) it may take a while to get this merged, but it will get done eventually.

@cowtowncoder cowtowncoder changed the title UTF8StreamJsonParser: fix byte to int conversion UTF8StreamJsonParser: fix byte to int conversion for malformed escapes Jul 17, 2019
@cowtowncoder cowtowncoder removed the 2.10 label Jul 17, 2019
@cowtowncoder cowtowncoder added this to the 2.9.10 milestone Jul 17, 2019
cowtowncoder added a commit that referenced this pull request Jul 17, 2019
@cowtowncoder
Fix #540
e473e99
@cowtowncoder
Copy link
Member

@alpire Thank you again -- I merged this manually to backport in 2.9, added a simple test as suggested. Will be in 2.9.10 / 2.10.0.

@alpire alpire deleted the patch-1 branch July 17, 2019 19:29
cowtowncoder added a commit that referenced this pull request Sep 4, 2019
@cowtowncoder
Add a co-credit for reporting #540
7444dd8
@cowtowncoder cowtowncoder mentioned this pull request Nov 8, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.9.10
Development

Successfully merging this pull request may close these issues.
2 participants
@alpire @cowtowncoder