`SmileParser` throws unexpected IOOBE for corrupt content #426
The problem here is that this might not be directly due to anything within Unfortunately I don't think It is very likely that this requires an invalid document being read; but it may also rely on specific accessors/iteration methods being called.
In the `SmileParser::nextTextValue()` method, there is a line that uses the integer `ptr` as an index to retrieve a byte from the `_inputBuffer`. But it is found that with some invalid input and repeated calls to the `SmileParser::nextTextValue()` method, it could cause `ptr` to be negative and trigger an unexpected `ArrayIndexOutOfBoundsException`.
The simplest fix is to add a bound check for the `ptr` before using it as the array index.
We found this issue by OSS-Fuzz and it is reported in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65126.
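The kind of bounds check proposed in the report, sketched on a constructed toy reader. This is an added example, not code from jackson-dataformats-binary or from the reporter; the class `BoundsCheckedReader`, its record format and the sample bytes are assumptions made for illustration and say nothing about how `ptr` actually becomes negative in `SmileParser`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Constructed toy reader: NOT the Smile format and NOT Jackson code.
public class BoundsCheckedReader {
    private final byte[] buf;
    private int ptr; // next index to read, advanced by lengths taken from the input

    BoundsCheckedReader(byte[] input) { this.buf = input; }

    // Check the index on every access instead of trusting earlier pointer arithmetic.
    private byte byteAt(int index) throws IOException {
        if (index < 0 || index >= buf.length) {
            throw new IOException("Corrupt content: index " + index
                    + " is outside a buffer of " + buf.length + " bytes");
        }
        return buf[index];
    }

    // One record = length byte + that many ASCII bytes. Returns null at end of input.
    String nextText() throws IOException {
        if (ptr == buf.length) {
            return null;
        }
        int len = byteAt(ptr); // Java bytes are signed: 0x80 reads as -128
        int start = ptr + 1;
        ptr = start + len;     // a negative length drags ptr below zero
        if (len <= 0) {
            return "";
        }
        byteAt(ptr - 1);       // last payload byte must also be inside the buffer
        return new String(buf, start, len, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        // Constructed input: one valid record ("abc"), then a corrupt length byte.
        byte[] corrupt = {3, 'a', 'b', 'c', (byte) 0x80, 'x'};
        BoundsCheckedReader r = new BoundsCheckedReader(corrupt);
        try {
            String s;
            while ((s = r.nextText()) != null) {
                System.out.println("text: \"" + s + "\"");
            }
        } catch (IOException e) {
            // Declared parse failure, not an ArrayIndexOutOfBoundsException.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In this toy the failure only surfaces on the call after the corrupt record, which is why a fuzz harness has to keep calling the accessor rather than stop at the first returned value.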