Add failing test case for #267 (likely address only in 2.13)

cowtowncoder · cowtowncoder · commit 2bba4e64adb9 · 2021-03-27T11:25:31.000-07:00
diff --git a/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/CBORTestBase.java b/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/CBORTestBase.java
@@ -278,4 +278,25 @@ protected static byte[] concat(byte[] ... chunks)
         }
         return bout.toByteArray();
     }
+
+    protected byte[] readResource(String ref)
+    {
+       ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+       final byte[] buf = new byte[4000];
+
+       try (InputStream in = getClass().getResourceAsStream(ref)) {
+           if (in != null) {
+               int len;
+               while ((len = in.read(buf)) > 0) {
+                   bytes.write(buf, 0, len);
+               }
+           }
+       } catch (IOException e) {
+           throw new RuntimeException("Failed to read resource '"+ref+"': "+e);
+       }
+       if (bytes.size() == 0) {
+           throw new IllegalArgumentException("Failed to read resource '"+ref+"': empty resource?");
+       }
+       return bytes.toByteArray();
+    }
 }
diff --git a/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/failing/Fuzz32579BigDecimalTest.java b/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/failing/Fuzz32579BigDecimalTest.java
@@ -0,0 +1,48 @@
+package com.fasterxml.jackson.dataformat.cbor.failing;
+
+import java.math.BigInteger;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.cbor.CBORTestBase;
+
+public class Fuzz32579BigDecimalTest extends CBORTestBase
+{
+    private final ObjectMapper MAPPER = cborMapper();
+
+    // [dataformats-binary#267]
+    public void testBigDecimalOverflow() throws Exception
+    {
+//        final byte[] input = readResource("/data/clusterfuzz-cbor-32579.cbor");
+//        for (int i = 0; i < input.length; ++i) {
+//            System.out.printf("%02X: %02X\n", i, input[i] & 0xFF);
+//        }
+
+        final byte[] input = new byte[] {
+                (byte) 0xC4, // Tag: decimal fraction
+                (byte) 0x82,
+                0x1B,
+                0x00, 0x00, 0x00, 0x00,
+                0x7F,
+                (byte) 0xFF,
+                (byte) 0xFF,
+                (byte) 0xFF,
+                0x1B,
+                (byte) 0xC4,
+                (byte) 0x82,
+                0x1B,
+                0x2C,
+                0x25,
+                (byte) 0xFF,
+                (byte) 0xF6,
+                0x28,
+
+        };
+        
+        
+        JsonNode root = MAPPER.readTree(input);
+        assertTrue(root.isNumber());
+        assertTrue(root.isBigInteger());
+        assertEquals(BigInteger.ZERO, root.bigIntegerValue());
+    }
+}
