Fix #578: non-blocking path still had potential problem, but changed …

…method itself to be safer
FasterXML · Nov 8, 2019 · da5365e · da5365e
1 parent db0f586
commit da5365e
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 7 deletions.
diff --git a/release-notes/CREDITS-2.x b/release-notes/CREDITS-2.x
@@ -116,9 +116,12 @@ Arnaud Roger (arnaudroger@github)
   * Contributed #359: FilteringGeneratorDelegate does not override writeStartObject(Object forValue)
    (2.8.8)
 
-Wil Selwood (wselwood@github)
+
+Emily Selwood (emilyselwood@github)
   * Reported #382: ArrayIndexOutOfBoundsException from UTF32Reader.read on invalid input
    (2.8.9)
+  * Reported #578: Array index out of bounds in hex lookup
+   (2.10.1)
 
 Alex Yursha (AlexYursha@github)
   * Contributed #312: Add `JsonProcessingException.clearLocation()` to allow clearing

diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -20,6 +20,8 @@ JSON library.
  (reported by wastevenson@github, fix contributed by Todd O'B
 #567: Add `uses` for `ObjectCodec` in module-info
  (reported by Marc M)
+#578: Array index out of bounds in hex lookup
+ (reported by Emily S)
 
 2.10.0 (26-Sep-2019)
 

diff --git a/src/main/java/com/fasterxml/jackson/core/io/CharTypes.java b/src/main/java/com/fasterxml/jackson/core/io/CharTypes.java
@@ -174,11 +174,13 @@ public final class CharTypes
     }
 
     /**
-     * Lookup table for the first 128 Unicode characters (7-bit ASCII)
+     * Lookup table for the first 256 Unicode characters (ASCII / UTF-8)
      * range. For actual hex digits, contains corresponding value;
      * for others -1.
+     *<p>
+     * NOTE: before 2.10.1, was of size 128, extended for simpler handling
      */
-    private final static int[] sHexValues = new int[128];
+    private final static int[] sHexValues = new int[256];
     static {
         Arrays.fill(sHexValues, -1);
         for (int i = 0; i < 10; ++i) {
@@ -223,7 +225,9 @@ public static int[] get7BitOutputEscapes(int quoteChar) {
 
     public static int charToHex(int ch)
     {
-        return (ch > 127) ? -1 : sHexValues[ch];
+        // 08-Nov-2019, tatu: As per [core#540] and [core#578], changed to
+        //   force masking here so caller need not do that.
+        return sHexValues[ch & 0xFF];
     }
 
     public static void appendQuoted(StringBuilder sb, String content)

diff --git a/src/main/java/com/fasterxml/jackson/core/json/UTF8StreamJsonParser.java b/src/main/java/com/fasterxml/jackson/core/json/UTF8StreamJsonParser.java
@@ -3281,10 +3281,10 @@ protected char _decodeEscaped() throws IOException
                     _reportInvalidEOF(" in character escape sequence", JsonToken.VALUE_STRING);
                 }
             }
-            int ch = _inputBuffer[_inputPtr++] & 0xFF;
+            int ch = _inputBuffer[_inputPtr++];
             int digit = CharTypes.charToHex(ch);
             if (digit < 0) {
-                _reportUnexpectedChar(ch, "expected a hex-digit for character escape sequence");
+                _reportUnexpectedChar(ch & 0xFF, "expected a hex-digit for character escape sequence");
             }
             value = (value << 4) | digit;
         }

diff --git a/src/main/java/com/fasterxml/jackson/core/json/async/NonBlockingJsonParser.java b/src/main/java/com/fasterxml/jackson/core/json/async/NonBlockingJsonParser.java
@@ -2352,7 +2352,7 @@ private int _decodeSplitEscaped(int value, int bytesRead) throws IOException
         while (true) {
             int digit = CharTypes.charToHex(c);
             if (digit < 0) {
-                _reportUnexpectedChar(c, "expected a hex-digit for character escape sequence");
+                _reportUnexpectedChar(c & 0xFF, "expected a hex-digit for character escape sequence");
             }
             value = (value << 4) | digit;
             if (++bytesRead == 4) {