Skip to content

Handle value overflow checks for IonParser.getIntValue() - #428 #481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Feb 9, 2024
Merged

Handle value overflow checks for IonParser.getIntValue() - #428 #481

merged 7 commits into from
Feb 9, 2024

Conversation

thomasdelange5
Copy link
Contributor

Add number size checks for IonParser getIntValue and getLongValue. Fix failing tests for #428

cowtowncoder
cowtowncoder reviewed Feb 9, 2024
View reviewed changes
ion/src/main/java/com/fasterxml/jackson/dataformat/ion/IonParser.java Outdated
return _reader.intValue();
}
} catch (IonException
// 15-Jan-2024, tatu: other OSS-Fuzz tests suggest we need this:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's not add this back (I think @tgregg is working on handling these edge cases)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct. If fuzzing identifies any new leaked exceptions I'd like to fix those in ion-java; in the meantime we can cover them in failing tests.

@cowtowncoder
Copy link
Member

Looks good @thomasdelange5 -- thank you for contributing this!

Only one other thing before I can merge this: if we haven't gotten CLA for you yet (it only needs to be done once per contributor):

https://github.com/FasterXML/jackson/blob/master/contributor-agreement.pdf

(or possibly alternate Corporate CLA addendum if this is under some company's; we have a few Amazon contributors for Ion).
It is usually easiest to fill & sign, print, scan/photo, email to cla at fasterxml dot com.
Once we have it (and if you have sent previously, let me know please), I can proceed with merging this fix!

@thomasdelange5
Copy link
Contributor Author

Thank you for getting back so quickly @cowtowncoder! I will remove that catch clause and submit the CLA now.

tgregg
tgregg reviewed Feb 9, 2024
View reviewed changes
ion/src/main/java/com/fasterxml/jackson/dataformat/ion/IonParser.java Outdated
@@ -390,7 +390,22 @@ public int getIntValue() throws IOException {
// @since 2.17
private int _getIntValue() throws IOException {
try {
return _reader.intValue();
if (getNumberType() == NumberType.LONG) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: for performance reasons, I recommend storing this value and using it in both branches. ion-java has to do some bounds checking on the values, and we should avoid doing that twice when possible.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok will do. Thanks @tgregg

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was about to suggest same, +1

@cowtowncoder
Copy link
Member

CLA received, will merge for 2.17(.0).

Thank you, @thomasdelange5 !

@cowtowncoder cowtowncoder merged commit cba329f into FasterXML:2.17 Feb 9, 2024
@thomasdelange5
Copy link
Contributor Author

thomasdelange5 commented Feb 9, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cowtowncoder cowtowncoder cowtowncoder approved these changes

@tgregg tgregg tgregg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thomasdelange5 @cowtowncoder @tgregg