(from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32371 )
The following reproducer:
import java.util.Base64;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;

public class FastJsonCrash {
    // Despite the name, this decodes base64 to the raw JSON text the fuzzer produced.
    public static String btoa(String base64) {
        return new String(Base64.getDecoder().decode(base64));
    }

    public static void main(String[] args) {
        try {
            JSON.parse(btoa("ewogICAgICJzdGFvbnMiOiBbCiAgICAgewogICAgICIkcmVmIjogIi4gICJocmVmIi97VA=="));
        } catch (JSONException unused) {
            // A JSONException is the documented failure mode for malformed input; the
            // crash below is a different, unchecked exception that escapes this handler.
        }
    }
}
throws this exception with the current master branch of fastjson:
java.lang.StringIndexOutOfBoundsException: String index out of range: 3
at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48)
at java.base/java.lang.String.charAt(String.java:709)
at com.alibaba.fastjson.JSONPath$JSONPathParser.next(JSONPath.java:911)
at com.alibaba.fastjson.JSONPath$JSONPathParser.skipWhitespace(JSONPath.java:1038)
at com.alibaba.fastjson.JSONPath$JSONPathParser.readName(JSONPath.java:1904)
at com.alibaba.fastjson.JSONPath$JSONPathParser.readSegement(JSONPath.java:983)
at com.alibaba.fastjson.JSONPath$JSONPathParser.explain(JSONPath.java:1975)
at com.alibaba.fastjson.JSONPath.init(JSONPath.java:87)
at com.alibaba.fastjson.JSONPath.isRef(JSONPath.java:94)
at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:458)
at com.alibaba.fastjson.parser.DefaultJSONParser.parseArray(DefaultJSONParser.java:1246)
at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:533)
at com.alibaba.fastjson.parser.DefaultJSONParser.parse(DefaultJSONParser.java:1427)
at com.alibaba.fastjson.parser.DefaultJSONParser.parse(DefaultJSONParser.java:1393)
at com.alibaba.fastjson.JSON.parse(JSON.java:181)
at com.alibaba.fastjson.JSON.parse(JSON.java:191)
at com.alibaba.fastjson.JSON.parse(JSON.java:147)
at FastJsonCrash.main(FastJsonCrash.java:12)
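As an added illustration (not part of the issue or of fastjson's own test suite), a JUnit 5 regression test built around the same payload. It assumes fastjson and JUnit 5 on the classpath and the fastjson `JSONException(String, Throwable)` constructor; the first test pins the library behaviour the stack trace above violates, the second shows the caller-side wrapper an application can use so that only `JSONException` ever escapes to its own error handling.

```java
import static org.junit.jupiter.api.Assertions.fail;

import java.nio.charset.StandardCharsets;
import java.util.Base64;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
import org.junit.jupiter.api.Test;

public class FastJsonRefCrashTest {

    // Payload copied verbatim from the OSS-Fuzz reproducer in this issue.
    private static final String PAYLOAD_B64 =
        "ewogICAgICJzdGFvbnMiOiBbCiAgICAgewogICAgICIkcmVmIjogIi4gICJocmVmIi97VA==";

    static String fuzzerPayload() {
        return new String(Base64.getDecoder().decode(PAYLOAD_B64), StandardCharsets.UTF_8);
    }

    /** Caller-side mitigation (hypothetical helper, not a fastjson API): any
     *  parser-internal RuntimeException is converted into a JSONException, so a
     *  malformed "$ref" value cannot surface as StringIndexOutOfBoundsException. */
    static Object parseUntrusted(String json) {
        try {
            return JSON.parse(json);
        } catch (JSONException e) {
            throw e;
        } catch (RuntimeException e) {
            throw new JSONException("malformed input rejected: " + e, e);
        }
    }

    @Test
    void libraryRegressionFuzzerPayload() {
        // Fixed behaviour: parsing ends normally or with JSONException. Any other
        // RuntimeException (as in the stack trace above) propagates and fails the test.
        try {
            JSON.parse(fuzzerPayload());
        } catch (JSONException expected) {
            // acceptable: malformed input rejected through the documented exception type
        }
    }

    @Test
    void callerMitigationOnlyJsonExceptionEscapes() {
        try {
            parseUntrusted(fuzzerPayload());
        } catch (JSONException expected) {
            return;
        } catch (RuntimeException leaked) {
            fail("unexpected exception type leaked to caller: " + leaked);
        }
    }
}
```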
2 answers
biswetbf1#
Looks like #3631 didn't fix all of the problems...
ybzsozfc2#
OSS-Fuzz has found a couple more bugs in fastjson. @wenshao has access to them at e.g. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32371 .
If other maintainers would like to get access to these bug reports, they could add themselves to the list at https://github.com/google/oss-fuzz/pull/5373/files#diff-de1d9d931afd47b420363a2c5adcece244da7e22b1b01bcaaa7d116ceff3e660R3-R5 or let me add them.