Comments (1)
cowtowncoder
commented on June 21, 2024
The problem here is that this might not be directly due to anything within nextTextValue() itself but (possibly) in preceding steps. So it is necessary to see the sequence of things that lead to the problematic state, in which call to nextTextValue() (and likely other calls) would fail.
Unfortunately I don't think nextTextValue() can truly validate offset at that point, but rather whatever lead to invalid value needs to be fixed
(specifically: just because offset is within valid buffer does not mean it might not be corrupt -- it being off the buffer does indicate it is invalid, of course, but the goal is prevent the problem where it occurs).
It is very likely that this requires an invalid document being read; but it may also rely on specific accessors/iteration methods being called.
from jackson-dataformats-binary.
Related Issues (20)
- Support for StreamReadConstraints for CBOR, Smile backends HOT 1
- Refactor Smile format module use of `ThreadLocal` to be bound to `SmileFactory` HOT 1
- Honor READ_ENUMS_USING_TO_STRING feature when deserializing HOT 3
- Honor `READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE` feature with Protobuf HOT 5
- Rewrite Smile buffer recycling (`SmileBufferRecycler`) to use new (2.16) `RecyclerPool`, allow configuring use of non-ThreadLocal based pools HOT 2
- Rewrite Avro buffer recycling (`ApacheCodecRecycler.java`) to use new (2.16) `RecyclerPool`, allow configuring use of non-ThreadLocal based pools
- CVE in avro prior to v1.11.3 HOT 2
- Remove Smile-specific buffer-recycling
- Update `com.amazon.ion:ion-java` to 1.10.5 (from 1.9.5)
- (avro) Snyk Reports a Critical Vulnerability (org.codehaus.jackson:jackson-mapper-asl Improper Input Validation) -- NOT APPLICABLE (polymorphic deserialization) HOT 3
- Avro does not respect default values defined in schema HOT 8
- `IonReader` classes contain assert statement which could throw unexpected `AssertionError` HOT 1
- `IndexOutOfBoundsException` thrown by `IonReader` implementations are not handled HOT 1
- Avro generation failed with enums containing values with special characters HOT 3
- `IonReader` throws `NullPointerException` for unchecked invalid data
- `IonParser.getIntValue()` fails or does not handle value overflow checks HOT 1
- CBOR: negative BigInteger values not handled correctly HOT 2
- More methods from `IonReader` could throw an unexpected `AssertionError`
- Unexpected `NullPointerException` thrown from `IonParser::getNumberType()` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jackson-dataformats-binary.