Looks like there is a case where, if:

- `JsonParser` configured to accept non-standard leading plus sign (`JsonReadFeature.ALLOW_LEADING_PLUS_SIGN_FOR_NUMBERS`)
- Content is read using character-based parser (`ReaderBasedJsonParser`)
- Some boundary condition is reached (can emulate with 1-char-at-a-time `Reader`)
- Call is made to `JsonParser.getNumberType()` (or possibly other number accessors)

there's an AIOOBE with stack trace like:

    at com.fasterxml.jackson.core.io.NumberInput.parseInt(NumberInput.java:55)
    at com.fasterxml.jackson.core.util.TextBuffer.contentsAsInt(TextBuffer.java:631)
    at com.fasterxml.jackson.core.base.ParserBase._parseNumericValue(ParserBase.java:891)
    at com.fasterxml.jackson.core.base.ParserBase.getNumberType(ParserBase.java:735)
cowtowncoder changed the title from "ArrayIndexOutOfBoundsException for specific invalid content, with Reader-backed parser" to "ArrayIndexOutOfBoundsException for specific invalid content, with Reader-based parser" on Dec 14, 2023
(note: found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61198)