Skip to content

Commit 9b82247

Browse files
cowtowncodercowtowncoder
committed
Fixed #261 (CBOR, BigInteger)
1 parent e35d4a0 commit 9b82247

File tree

5 files changed

+38
-6
lines changed

5 files changed

+38
-6
lines changed

cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java

+9-4
Original file line numberDiff line numberDiff line change
@@ -851,11 +851,16 @@ protected JsonToken _handleTaggedBinary(int tag) throws IOException
851851
// First: get the data
852852
_finishToken();
853853

854-
BigInteger nr = new BigInteger(_binaryValue);
855-
if (neg) {
856-
nr = nr.negate();
854+
// [dataformats-binar#261]: handle this special case
855+
if (_binaryValue.length == 0) {
856+
_numberBigInt = BigInteger.ZERO;
857+
} else {
858+
BigInteger nr = new BigInteger(_binaryValue);
859+
if (neg) {
860+
nr = nr.negate();
861+
}
862+
_numberBigInt = nr;
857863
}
858-
_numberBigInt = nr;
859864
_numTypesValid = NR_BIGINT;
860865
_tagValue = -1;
861866
return (_currToken = JsonToken.VALUE_NUMBER_INT);

cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/fuzz/Fuzz32173ShortTextTest.java renamed to cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/fuzz/Fuzz32173LongTextTest.java

+1-2
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
import com.fasterxml.jackson.dataformat.cbor.CBORTestBase;
88

9-
public class Fuzz32173ShortTextTest extends CBORTestBase
9+
public class Fuzz32173LongTextTest extends CBORTestBase
1010
{
1111
private final ObjectMapper MAPPER = cborMapper();
1212

@@ -23,5 +23,4 @@ public void testInvalidShortText() throws Exception
2323
verifyException(e, "Unexpected end-of-input in VALUE_STRING");
2424
}
2525
}
26-
2726
}

cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/fuzz/Fuzz32250BigIntegerTest.java

+24
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
package com.fasterxml.jackson.dataformat.cbor.fuzz;
2+
3+
import java.math.BigInteger;
4+
5+
import com.fasterxml.jackson.databind.JsonNode;
6+
import com.fasterxml.jackson.databind.ObjectMapper;
7+
import com.fasterxml.jackson.dataformat.cbor.CBORTestBase;
8+
9+
public class Fuzz32250BigIntegerTest extends CBORTestBase
10+
{
11+
private final ObjectMapper MAPPER = cborMapper();
12+
13+
public void testInvalidShortText() throws Exception
14+
{
15+
final byte[] input = new byte[] {
16+
(byte) 0xC3,
17+
0x5F, (byte) 0xFF
18+
};
19+
JsonNode root = MAPPER.readTree(input);
20+
assertTrue(root.isNumber());
21+
assertTrue(root.isBigInteger());
22+
assertEquals(BigInteger.ZERO, root.bigIntegerValue());
23+
}
24+
}

release-notes/CREDITS-2.x

+2
Original file line numberDiff line numberDiff line change
@@ -172,6 +172,8 @@ Fabian Meumertzheim (fmeum@github)
172172
* Reported #259: (cbor) Failed to handle case of alleged String with length of
173173
Integer.MAX_VALUE
174174
(2.12.3)
175+
* Reported #261 (cbor) CBORParser need to validate zero-length byte[] for BigInteger
176+
(2.12.3)
175177

176178
(jhhladky@github)
177179

release-notes/VERSION-2.x

+2
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ Modules:
1818
(reported by Fabian M)
1919
#259: (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE
2020
(reported by Fabian M)
21+
#261 (cbor) CBORParser need to validate zero-length byte[] for BigInteger
22+
(reported by Fabian M)
2123

2224
2.12.2 (03-Mar-2021)
2325

0 commit comments

Comments
 (0)