Add explicit bounds checks for JsonGenerator methods that take byte[]/char[]/String-with-offsets input #811

Closed
cowtowncoder opened this issue Aug 13, 2022 · 0 comments
Labels
2.14 Issue planned (at earliest) for 2.14 oss-fuzz Issue uncovered by oss-fuzz fuzzer
@cowtowncoder
Member

(note: inspired by issues like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50065 uncovered by oss-fuzz)

Currently many of the write methods, like:

    public void writeRaw(char[] text, int offset, int len);

in JsonGenerator do not explicitly check validity of offset and len with respect to the input buffer (text).
So they will fail for things like ArrayIndexOutOfBounds exception, possibly after writing some of the content.
It would make more sense to validate bounds first and give meaningful exception instead (StreamWriteException).
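
The failure mode described in the issue, and the validate-first alternative, as an added example (not code from the issue or from Jackson). The class `BoundsCheckDemo`, both `writeRaw*` helpers, the 4-character chunk size and the sample input are hypothetical, and `IOException` stands in for the `StreamWriteException` the issue proposes so that the example runs without Jackson on the classpath.

```java
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;

public class BoundsCheckDemo {
    static final int CHUNK = 4; // tiny internal buffer, chosen for the demo

    // Unchecked: copies chunk by chunk, so a bad range fails only mid-write.
    static void writeRawUnchecked(Writer out, char[] text, int offset, int len) throws IOException {
        char[] buf = new char[CHUNK];
        while (len > 0) {
            int n = Math.min(CHUNK, len);
            System.arraycopy(text, offset, buf, 0, n); // IndexOutOfBoundsException on a bad range
            out.write(buf, 0, n);
            offset += n;
            len -= n;
        }
    }

    // Checked: validate the whole range before the first character is written.
    static void writeRawChecked(Writer out, char[] text, int offset, int len) throws IOException {
        int end = offset + len; // may overflow to negative; the sign test below catches that
        if ((offset | len | end | (text.length - end)) < 0) {
            // IOException stands in for the StreamWriteException the issue proposes
            throw new IOException(String.format(
                "Invalid 'offset' (%d) and/or 'len' (%d) for char[] of length %d",
                offset, len, text.length));
        }
        writeRawUnchecked(out, text, offset, len);
    }

    public static void main(String[] args) throws IOException {
        char[] text = "abcdefgh".toCharArray(); // constructed sample input
        StringWriter unchecked = new StringWriter();
        try {
            writeRawUnchecked(unchecked, text, 2, 10); // range runs 4 chars past the end
        } catch (IndexOutOfBoundsException e) {
            System.out.println("unchecked: " + e.getClass().getSimpleName()
                + " after writing \"" + unchecked + "\"");
        }
        StringWriter checked = new StringWriter();
        try {
            writeRawChecked(checked, text, 2, 10);
        } catch (IOException e) {
            System.out.println("checked: " + e.getMessage() + ", written \"" + checked + "\"");
        }
    }
}
```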
