You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the IonParser::getText() method, there is a call to the IonReader::stringValue(). Also, in IonParser::getXXXValue() for retrieving different number values from the IonReader calls to underlying IonReader for retrieving string or number value. According to the Javadoc of IonReader, each of the APIs requires a special IonType and IllegalStateException could be thrown if the wrong type is passed. But there is a special case when there is no more input, the IonType will be null and continuing calling those methods will result in NullPointerException.
@OverridepublicStringgetText() throwsIOException
{
if (_currToken != null) { // null only before/after document
......
caseVALUE_STRING:
try {
// stringValue() will throw an UnknownSymbolException if we're// trying to get the text for a symbol ID that cannot be resolved.return_reader.stringValue();
} catch (UnknownSymbolExceptione) {
throw_constructError(e.getMessage(), e);
}
......
returnnull;
}
...
@OverridepublicBigIntegergetBigIntegerValue() throwsIOException {
return_reader.bigIntegerValue();
}
@OverridepublicBigDecimalgetDecimalValue() throwsIOException {
return_reader.bigDecimalValue();
}
@OverridepublicdoublegetDoubleValue() throwsIOException {
return_reader.doubleValue();
}
@OverridepublicfloatgetFloatValue() throwsIOException {
return (float) _reader.doubleValue();
}
@OverridepublicintgetIntValue() throwsIOException {
return_reader.intValue();
}
@OverridepubliclonggetLongValue() throwsIOException {
return_reader.longValue();
}
It is found that in the IonParser::getNumberValue() method, there is a null check to ensure the IonType (and NumberType) of the current token is not null before calling the corresponding data retrieving method in the IonReader implementation. But these null checks are missing from the above method which could cause unexpected NullPointerException.
cowtowncoder
changed the title
IonReader throws NullPointerException for unchecked invalid dataIonReader throws NullPointerException for unchecked invalid data
Dec 19, 2023
In the
IonParser::getText()
method, there is a call to theIonReader::stringValue()
. Also, inIonParser::getXXXValue()
for retrieving different number values from theIonReader
calls to underlyingIonReader
for retrieving string or number value. According to the Javadoc ofIonReader
, each of the APIs requires a specialIonType
andIllegalStateException
could be thrown if the wrong type is passed. But there is a special case when there is no more input, theIonType
will be null and continuing calling those methods will result inNullPointerException
.It is found that in the
IonParser::getNumberValue()
method, there is a null check to ensure theIonType
(andNumberType
) of the current token is not null before calling the corresponding data retrieving method in theIonReader
implementation. But these null checks are missing from the above method which could cause unexpectedNullPointerException
.The simplest fix is to add a null check similar to the one done in the
IonParser::getNumberValue()
method.We found this issue by OSS-Fuzz and it is reported in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65065 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65106.
The text was updated successfully, but these errors were encountered: