Fix #257

Author: cowtowncoder

release-notes/CREDITS-2.x

@@ -165,6 +165,8 @@ Fabian Meumertzheim (fmeum@github)
 
 * Reported #236: `ArrayIndexOutOfBoundsException` in `CBORParser` for invalid UTF-8 String
  (2.12.2)
+* Reported #257: (smile) Uncaught validation problem wrt Smile "BigDecimal" type
+ (2.12.3)
 
 (jhhladky@github)
 

release-notes/VERSION-2.x

@@ -10,6 +10,11 @@ Modules:
 === Releases ===
 ------------------------------------------------------------------------
 
+2.12.3 (not yet released)
+
+#257: (smile) Uncaught validation problem wrt Smile "BigDecimal" type
+ (reported by Fabian M)
+
 2.12.2 (03-Mar-2021)
 
 #236: (cbor) `ArrayIndexOutOfBoundsException` in `CBORParser` for invalid UTF-8 String

smile/src/main/java/com/fasterxml/jackson/dataformat/smile/SmileParser.java

@@ -2099,6 +2099,10 @@ private final int _fourBytesToIntSlow()  throws IOException
     private final void _finishBigInteger() throws IOException
     {
         byte[] raw = _read7BitBinaryWithLength();
+        if (raw.length == 0) {
+            // [dataformats-binary#257]: illegal to have 0-length contents
+            _reportError("Invalid encoding of `BigInteger`: length 0");
+        }
         _numberBigInt = new BigInteger(raw);
         _numTypesValid = NR_BIGINT;
         _numberType = NumberType.BIG_INTEGER;
@@ -2141,6 +2145,10 @@ private final void _finishBigDecimal() throws IOException
     {
         int scale = SmileUtil.zigzagDecode(_readUnsignedVInt());
         byte[] raw = _read7BitBinaryWithLength();
+        if (raw.length == 0) {
+            // [dataformats-binary#257]: illegal to have 0-length contents
+            _reportError("Invalid encoding of `BigDecimal` value: length 0");
+        }
         _numberBigDecimal = new BigDecimal(new BigInteger(raw), scale);
         _numTypesValid = NR_BIGDECIMAL;
         _numberType = NumberType.BIG_DECIMAL;

smile/src/test/java/com/fasterxml/jackson/dataformat/smile/fuzz/Fuzz3168BigDecimalTest.java

@@ -0,0 +1,29 @@
+package com.fasterxml.jackson.dataformat.smile.fuzz;
+
+import com.fasterxml.jackson.core.exc.StreamReadException;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import com.fasterxml.jackson.dataformat.smile.BaseTestForSmile;
+
+public class Fuzz3168BigDecimalTest extends BaseTestForSmile
+{
+    private final ObjectMapper MAPPER = smileMapper();
+
+    // Payload:
+    public void testInvalidBigDecimal() throws Exception
+    {
+        final byte[] input = new byte[] {
+                0x3A, 0x29, 0x0A, 0x00, // smile signature
+                0x2A, // BigDecimal
+                (byte) 0xBF, // scale: -32
+                (byte) 0x80 // length: 0 (invalid
+        };
+        try {
+            /*JsonNode root =*/ MAPPER.readTree(input);
+            fail("Should not pass");
+        } catch (StreamReadException e) {
+            verifyException(e, "Invalid encoding of `BigDecimal` value: length 0");
+        }
+    }
+}

smile/src/test/java/com/fasterxml/jackson/dataformat/smile/mapper/BiggerDataParseTest.java

@@ -4,6 +4,7 @@
 import java.util.*;
 
 import com.fasterxml.jackson.databind.*;
+import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.dataformat.smile.BaseTestForSmile;
 
 /**
@@ -79,12 +80,12 @@ static class Area {
     /**********************************************************
      */
 
-	final ObjectMapper JSON_MAPPER = new ObjectMapper();
-	
-	public void testReading() throws Exception
-	{
-		Citm citm0 = JSON_MAPPER.readValue(getClass().getResourceAsStream("/data/citm_catalog.json"),
-				Citm.class);
+    private final ObjectMapper JSON_MAPPER = new JsonMapper();
+
+    public void testReading() throws Exception
+    {
+        Citm citm0 = JSON_MAPPER.readValue(getClass().getResourceAsStream("/data/citm_catalog.json"),
+                Citm.class);
 
 		ObjectMapper smiler = smileMapper(false);
 		byte[] smile = smiler.writeValueAsBytes(citm0);