StringIndexOutOfBoundsException in JSONPathParser.next #3719

Open
fmeum opened this issue Apr 15, 2021 · 2 comments · May be fixed by #3834


fmeum commented Apr 15, 2021

(from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32371)

The following reproducer:

import java.util.Base64;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;

public class FastJsonCrash {
    // Decodes the base64-encoded fuzzer input back into the raw JSON text.
    public static String btoa(String base64) {
        return new String(Base64.getDecoder().decode(base64));
    }
    public static void main(String[] args) {
        try {
            JSON.parse(btoa("ewogICAgICJzdGFvbnMiOiBbCiAgICAgewogICAgICIkcmVmIjogIi4gICJocmVmIi97VA=="));
        } catch (JSONException unused) {
            // Only JSONException is caught; the StringIndexOutOfBoundsException below escapes main().
        }
    }
}

throws this exception with the current master branch of fastjson:

java.lang.StringIndexOutOfBoundsException: String index out of range: 3
	at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48)
	at java.base/java.lang.String.charAt(String.java:709)
	at com.alibaba.fastjson.JSONPath$JSONPathParser.next(JSONPath.java:911)
	at com.alibaba.fastjson.JSONPath$JSONPathParser.skipWhitespace(JSONPath.java:1038)
	at com.alibaba.fastjson.JSONPath$JSONPathParser.readName(JSONPath.java:1904)
	at com.alibaba.fastjson.JSONPath$JSONPathParser.readSegement(JSONPath.java:983)
	at com.alibaba.fastjson.JSONPath$JSONPathParser.explain(JSONPath.java:1975)
	at com.alibaba.fastjson.JSONPath.init(JSONPath.java:87)
	at com.alibaba.fastjson.JSONPath.isRef(JSONPath.java:94)
	at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:458)
	at com.alibaba.fastjson.parser.DefaultJSONParser.parseArray(DefaultJSONParser.java:1246)
	at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:533)
	at com.alibaba.fastjson.parser.DefaultJSONParser.parse(DefaultJSONParser.java:1427)
	at com.alibaba.fastjson.parser.DefaultJSONParser.parse(DefaultJSONParser.java:1393)
	at com.alibaba.fastjson.JSON.parse(JSON.java:181)
	at com.alibaba.fastjson.JSON.parse(JSON.java:191)
	at com.alibaba.fastjson.JSON.parse(JSON.java:147)
	at FastJsonCrash.main(FastJsonCrash.java:12)
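Decoding the base64 in the reproducer gives a JSON text whose `$ref` value is `". "` (a dot followed by a space), so the path handed to the `$ref` path parser ends in whitespace. The example below is added here and is not fastjson's code or the fix proposed for this issue: it is a minimal, hypothetical model (`PathScannerDemo`, `skipWhitespaceUnchecked`, `skipWhitespaceChecked`, `scanSafely` are all invented names) of a whitespace-skipping loop that reads one character past the end of its input, next to the bounds-checked form of the same loop, and of a call-site guard for code that only catches the library's own exception type. The sample paths are constructed.

```java
import java.util.List;

// Added example (not fastjson's code): a model of a path scanner's
// skipWhitespace() that shows the unchecked-read defect class behind the
// trace above, and a bounds-checked version. All names are hypothetical.
public class PathScannerDemo {

    // Defect class: each whitespace character triggers another read without
    // checking that pos is still inside the string, so a path that ends in
    // whitespace (e.g. ". ") reads one past the end and throws.
    static int skipWhitespaceUnchecked(String path, int pos) {
        char ch = path.charAt(pos);
        while (Character.isWhitespace(ch)) {
            pos++;
            ch = path.charAt(pos);   // StringIndexOutOfBoundsException when pos == path.length()
        }
        return pos;
    }

    // Hardened loop: the length test runs before every read, so end of input
    // yields path.length() instead of an exception.
    static int skipWhitespaceChecked(String path, int pos) {
        while (pos < path.length() && Character.isWhitespace(path.charAt(pos))) {
            pos++;
        }
        return pos;
    }

    // Call-site guard for code that parses untrusted input: the reproducer only
    // catches JSONException, but this crash surfaces as an unchecked exception
    // from java.lang.String, so a narrow catch lets it escape. Returning null
    // for any RuntimeException keeps a malformed document from taking down the
    // caller.
    static Integer scanSafely(String path, int pos) {
        try {
            return skipWhitespaceUnchecked(path, pos);
        } catch (RuntimeException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: ". " mirrors the reproducer's "$ref" value and
        // ends in whitespace; ". name" is the well-formed case.
        List<String> paths = List.of(". name", ". ", " ");
        for (String p : paths) {
            int start = p.startsWith(".") ? 1 : 0;   // skip the leading '.' segment marker
            // checked: ". name" -> 2, ". " -> 2, " " -> 1
            System.out.println("checked   \"" + p + "\" -> " + skipWhitespaceChecked(p, start));
            // unchecked: ". name" -> 2, ". " -> null, " " -> null (exception swallowed by the guard)
            System.out.println("unchecked \"" + p + "\" -> " + scanSafely(p, start));
        }
    }
}
```

The checked loop is the shape of fix a reviewer would look for in `skipWhitespace()`: the bounds test belongs on every read, not only at entry, because the loop itself advances the index. The guard in `scanSafely` is the defensive counterpart on the consumer side: a service that parses attacker-supplied JSON should treat any `RuntimeException` from the parser as a parse failure rather than let it propagate as an unexpected error.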
@Certseeds
Contributor

It looks like #3631 did not fix all of the problems...

fmeum commented Apr 17, 2021

> It looks like #3631 did not fix all of the problems...

OSS-Fuzz has found a couple more bugs in fastjson. @wenshao has access to them at e.g. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32371.

If other maintainers would like to get access to these bug reports, they could add themselves to the list at https://github.com/google/oss-fuzz/pull/5373/files#diff-de1d9d931afd47b420363a2c5adcece244da7e22b1b01bcaaa7d116ceff3e660R3-R5 or let me add them.

Certseeds added a commit to Certseeds/fastjson that referenced this issue Apr 19, 2021
</subject>

Branch: issue3719

<type>:
- [x] Bug fix
- [ ] Bug fix (Test)
- [ ] New feature
- [x] New Test Case
- [ ] Breaking change
- [ ] Documentation update
- [ ] This change requires a documentation update

<body>
just add a judgement in the `public final void skipWhitespace()`
<footer>

Signed-off-by: Certseeds <51754303+Certseeds@users.noreply.github.com>
Certseeds added a commit to Certseeds/fastjson that referenced this issue Jul 10, 2021
</subject>

Branch: issue3719-2nd

<type>:
- [x] Bug fix
- [ ] Bug fix (Test)
- [ ] New feature
- [x] New Test Case
- [ ] Breaking change
- [ ] Documentation update
- [ ] This change requires a documentation update

<body>

<footer>

Signed-off-by: Certseeds <51754303+Certseeds@users.noreply.github.com>
Certseeds added a commit to Certseeds/fastjson that referenced this issue Jul 10, 2021
Certseeds linked a pull request Jul 10, 2021 that will close this issue
Certseeds added a commit to Certseeds/fastjson that referenced this issue Jun 26, 2022