Skip to content

Commit ef2aee0

Browse files
committed
[cbor] avoid overflow when parsing negative numbers
1 parent 37cf699 commit ef2aee0

File tree

1 file changed

+8
-4
lines changed

1 file changed

+8
-4
lines changed

cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -685,7 +685,8 @@ public JsonToken nextToken() throws IOException
685685
{
686686
int v = _decode32Bits();
687687
if (v < 0) {
688-
_numberLong = ((long) v) + -1L;
688+
long unsignedBase = (long) v & 0xFFFFFFFFL;
689+
_numberLong = -unsignedBase - 1L;
689690
_numTypesValid = NR_LONG;
690691
} else {
691692
_numberInt = -v - 1;
@@ -700,7 +701,8 @@ public JsonToken nextToken() throws IOException
700701
_numberLong = -l - 1L;
701702
_numTypesValid = NR_LONG;
702703
} else {
703-
_numberBigInt = _bigNegative(l);
704+
BigInteger unsignedBase = _bigPositive(l);
705+
_numberBigInt = unsignedBase.negate().subtract(BigInteger.ONE);
704706
_numTypesValid = NR_BIGINT;
705707
}
706708
}
@@ -1158,7 +1160,8 @@ public String nextTextValue() throws IOException
11581160
{
11591161
int v = _decode32Bits();
11601162
if (v < 0) {
1161-
_numberLong = ((long) v) + -1L;
1163+
long unsignedBase = (long) v & 0xFFFFFFFFL;
1164+
_numberLong = -unsignedBase - 1L;
11621165
_numTypesValid = NR_LONG;
11631166
} else {
11641167
_numberInt = -v - 1;
@@ -1173,7 +1176,8 @@ public String nextTextValue() throws IOException
11731176
_numberLong = l;
11741177
_numTypesValid = NR_LONG;
11751178
} else {
1176-
_numberBigInt = _bigNegative(l);
1179+
BigInteger unsignedBase = _bigPositive(l);
1180+
_numberBigInt = unsignedBase.negate().subtract(BigInteger.ONE);
11771181
_numTypesValid = NR_BIGINT;
11781182
}
11791183
}

0 commit comments

Comments
 (0)