Skip to content

Fixes a bug that allowed NegativeArraySizeException to be thrown from IonReader.newBytes().#705

Merged
tgregg merged 1 commit intomasterfrom
lob-nase
Feb 2, 2024
Merged

Fixes a bug that allowed NegativeArraySizeException to be thrown from IonReader.newBytes().#705
tgregg merged 1 commit intomasterfrom
lob-nase

Conversation

@tgregg
Copy link
Contributor

@tgregg tgregg commented Jan 25, 2024

Issue #, if available:
FasterXML/jackson-dataformats-binary#469

Description of changes:
A value's end index is calculated by adding the reader's current index in the buffer (peekIndex) to the value's declared length. Before this fix, the validation for a too-large end index (endIndex < 0) happened too early (before peekIndex had been added). This allowed for the possibility that a very large but valid value length could overflow when peekIndex was added, as exercised by the added test. When this happened for blob/clob values, IonReader.byteSize() would return a negative number, causing NegativeArraySizeException to be thrown from IonReader.newBytes(). After the fix, the reader throws IonException upon encountering the overflowing end index.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@codecov
Copy link

codecov bot commented Jan 25, 2024
edited
Loading

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (3c1b6b1) 67.23% compared to head (cea1ee8) 67.24%.
Report is 3 commits behind head on master.

❗ Current head cea1ee8 differs from pull request most recent head 5305a78. Consider uploading reports for the commit 5305a78 to get more accurate results

Files Patch % Lines
...main/java/com/amazon/ion/impl/IonCursorBinary.java 88.88% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##             master     #705      +/-   ##
============================================
+ Coverage     67.23%   67.24%   +0.01%     
- Complexity     5484     5486       +2     
============================================
  Files           159      159              
  Lines         23025    23027       +2     
  Branches       4126     4126              
============================================
+ Hits          15481    15485       +4     
  Misses         6262     6262              
+ Partials       1282     1280       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@tgregg tgregg merged commit b338ae0 into master Feb 2, 2024
@tgregg tgregg deleted the lob-nase branch February 2, 2024 00:58
@tgregg tgregg mentioned this pull request Mar 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jobarr-amzn jobarr-amzn jobarr-amzn approved these changes

+1 more reviewer

@zslayton zslayton zslayton approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tgregg @zslayton @jobarr-amzn