Fixed #258

Author: cowtowncoder

Diff for: release-notes/CREDITS-2.x

@@ -167,6 +167,8 @@ Fabian Meumertzheim (fmeum@github)
  (2.12.2)
 * Reported #257: (smile) Uncaught validation problem wrt Smile "BigDecimal" type
  (2.12.3)
+* Reported #258: (smile) ArrayIndexOutOfBoundsException for malformed Smile header
+ (2.12.3)
 
 (jhhladky@github)
 

Diff for: release-notes/VERSION-2.x

@@ -14,6 +14,8 @@ Modules:
 
 #257: (smile) Uncaught validation problem wrt Smile "BigDecimal" type
  (reported by Fabian M)
+#258: (smile) ArrayIndexOutOfBoundsException for malformed Smile header
+ (reported by Fabian M)
 
 2.12.2 (03-Mar-2021)
 

Diff for: smile/src/main/java/com/fasterxml/jackson/dataformat/smile/SmileParser.java

@@ -157,17 +157,19 @@ protected boolean handleSignature(boolean consumeFirstByte, boolean throwExcepti
         if (consumeFirstByte) {
             ++_inputPtr;
         }
-        if (_nextByteGuaranteed() != SmileConstants.HEADER_BYTE_2) {
+        byte b = _nextByteGuaranteed();
+        if (b != SmileConstants.HEADER_BYTE_2) {
             if (throwException) {
             	_reportError("Malformed content: signature not valid, starts with 0x3a but followed by 0x"
-            			+Integer.toHexString(_inputBuffer[_inputPtr])+", not 0x29");
+                   +Integer.toHexString(b & 0xFF)+", not 0x29");
             }
             return false;
         }
-        if (_nextByteGuaranteed() != SmileConstants.HEADER_BYTE_3) {
+        b = _nextByteGuaranteed();
+        if (b != SmileConstants.HEADER_BYTE_3) {
             if (throwException) {
             	_reportError("Malformed content: signature not valid, starts with 0x3a, 0x29, but followed by 0x"
-            			+Integer.toHexString(_inputBuffer[_inputPtr])+", not 0xA");
+                   +Integer.toHexString(b & 0xFF)+", not 0xA");
             }
             return false;
         }

Diff for: smile/src/test/java/com/fasterxml/jackson/dataformat/smile/fuzz/Fuzz3168BigDecimalTest.java renamed to smile/src/test/java/com/fasterxml/jackson/dataformat/smile/fuzz/Fuzz32168BigDecimalTest.java

@@ -6,7 +6,8 @@
 
 import com.fasterxml.jackson.dataformat.smile.BaseTestForSmile;
 
-public class Fuzz3168BigDecimalTest extends BaseTestForSmile
+// For [dataformats-binary#257]
+public class Fuzz32168BigDecimalTest extends BaseTestForSmile
 {
     private final ObjectMapper MAPPER = smileMapper();
 

Diff for: smile/src/test/java/com/fasterxml/jackson/dataformat/smile/fuzz/Fuzz32169HeaderDecodeTest.java

@@ -0,0 +1,25 @@
+package com.fasterxml.jackson.dataformat.smile.fuzz;
+
+import com.fasterxml.jackson.core.exc.StreamReadException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.smile.BaseTestForSmile;
+
+//For [dataformats-binary#258]
+public class Fuzz32169HeaderDecodeTest extends BaseTestForSmile
+{
+    private final ObjectMapper MAPPER = smileMapper();
+
+    // Payload:
+    public void testInvalidHeader() throws Exception
+    {
+        final byte[] input = new byte[] {
+                0x3A, 0x20 // (broken) smile signature
+        };
+        try {
+            /*JsonNode root =*/ MAPPER.readTree(input);
+            fail("Should not pass");
+        } catch (StreamReadException e) {
+            verifyException(e, "Malformed content: signature not valid, starts with 0x3a but");
+        }
+    }
+}