Fixes for #420: Wrap unexpected IOOBE (#421)

arthurscchan · web-flow · commit 1d1ccb0ecd10 · 2023-12-15T19:06:41.000-08:00
diff --git a/ion/src/main/java/com/fasterxml/jackson/dataformat/ion/IonParser.java b/ion/src/main/java/com/fasterxml/jackson/dataformat/ion/IonParser.java
@@ -550,6 +550,12 @@ public JsonToken nextToken() throws IOException
             type = _reader.next();
         } catch (IonException e) {
             _wrapError(e.getMessage(), e);
+
+        // [dataformats-binary#420]: IonJava leaks IOOBEs so:
+        } catch (IndexOutOfBoundsException e) {
+            _wrapError(String.format("Corrupt content to decode; underlying failure: (%s) %s",
+                    e.getClass().getName(), e.getMessage()),
+                    e);
         }
         if (type == null) {
             if (_parsingContext.inRoot()) { // EOF?
diff --git a/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/fuzz/Fuzz420_65062_65083IOOBETest.java b/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/fuzz/Fuzz420_65062_65083IOOBETest.java
@@ -0,0 +1,31 @@
+package com.fasterxml.jackson.dataformat.ion.fuzz;
+
+import java.io.InputStream;
+
+import org.hamcrest.Matchers;
+import org.junit.Test;
+
+import com.fasterxml.jackson.core.exc.StreamReadException;
+import com.fasterxml.jackson.dataformat.ion.*;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.fail;
+
+// [dataformats-binary#420]
+public class Fuzz420_65062_65083IOOBETest
+{
+    @Test
+    public void testFuzz6506265083IOOBE() throws Exception {
+       IonFactory f = IonFactory
+                          .builderForTextualWriters()
+                          .enable(IonParser.Feature.USE_NATIVE_TYPE_ID)
+                          .build();
+       IonObjectMapper mapper = IonObjectMapper.builder(f).build();
+       try (InputStream in = getClass().getResourceAsStream("/data/fuzz-420.ion")) {
+           mapper.readTree(in);
+           fail("Should not pass (invalid content)");
+       } catch (StreamReadException e) {
+           assertThat(e.getMessage(), Matchers.containsString("Corrupt content to decode"));
+       }
+    }
+}
diff --git a/ion/src/test/resources/data/fuzz-420.ion b/ion/src/test/resources/data/fuzz-420.ion
diff --git a/release-notes/CREDITS-2.x b/release-notes/CREDITS-2.x
@@ -285,3 +285,5 @@ Arthur Chan (@arthurscchan)
  * Contributed #417: (ion) `IonReader` classes contain assert statement which could throw
    unexpected `AssertionError`
  (2.17.0)
+ * Contributed #420: (ion) `IndexOutOfBoundsException` thrown by `IonReader` implementations
+ (2.17.0)
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -19,6 +19,9 @@ Active maintainers:
 #417: (ion) `IonReader` classes contain assert statement which could throw
   unexpected `AssertionError`
  (contributed by Arthur C)
+#420: (ion) `IndexOutOfBoundsException` thrown by `IonReader` implementations
+  are not handled 
+ (contributed by Arthur C)
 -(ion) Update `com.amazon.ion:ion-java` to 1.11.0 (from 1.10.5)
 
 2.16.0 (15-Nov-2023)
