Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cbor] Invalid value returned for negative int32 where the absolute value is > 2^31 - 1 #124

Closed
JacekLach opened this issue Dec 1, 2017 · 1 comment
Closed

[cbor] Invalid value returned for negative int32 where the absolute value is > 2^31 - 1 #124

JacekLach opened this issue Dec 1, 2017 · 1 comment
Labels
cbor
Milestone
2.9.3

Comments

@JacekLach
Copy link
Contributor

JacekLach commented Dec 1, 2017
edited
Loading

In #30, parsing of positive integers was fixed for the case where the uint32 value overflows a java int:

jackson-dataformats-binary/cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java

Lines 679 to 689 in d8f82c7

// 15-Oct-2016, as per [dataformats-binary#30], we got an edge case here
{
int v = _decode32Bits();
if (v >= 0) {
_numberInt = v;
} else {
long l = (long) v;
_numberLong = l & 0xFFFFFFFFL;
_numTypesValid = NR_LONG;
}
}

However, the parsing of negative numbers (major type 1) was not adjusted correctly:

jackson-dataformats-binary/cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java

Lines 722 to 731 in d8f82c7

// 15-Oct-2016, as per [dataformats-binary#30], we got an edge case here
{
int v = _decode32Bits();
if (v < 0) {
_numberLong = ((long) v) + -1L;
_numTypesValid = NR_LONG;
} else {
_numberInt = -v - 1;
}
}

The cast of _numberLong = ((long) v) + -1L; does not adequately prevent overflow; if v is negative, it has to be adjusted to represent the uint32 value, and then negated:

case 2:
    {
        int v = _decode32Bits();
        if (v < 0) {
            long unsignedV = (long) v & 0xFFFFFFFFL;
            _numberLong = -1L - unsignedV;
            _numTypesValid = NR_LONG;
        } else {
            _numberInt = -v - 1;
        }
    }
    break;

Similar adjustment is required for other sizes.

As a test case, deserializing 3A 9FF0947F should produce -2683344000; currently it results in -1611623298.
@JacekLach JacekLach mentioned this issue Dec 1, 2017
Merged
@cowtowncoder cowtowncoder added this to the 2.9.3 milestone Dec 3, 2017
cowtowncoder added a commit that referenced this issue Dec 4, 2017
@cowtowncoder
Update release notes wrt #124
372fb4b
@cowtowncoder
Copy link
Member

Thank you for reporting this, providing fix! Will be in 2.9.3.

jobarr-amzn added a commit to jobarr-amzn/jackson-dataformats-binary that referenced this issue Nov 30, 2020
@jobarr-amzn
Reference to FasterXML#149 in CBORParser should be FasterXML#124
c5ca642 
FasterXML#124 relates to a CBOR invalid integer value issue, whereas FasterXML#149 is about polymorphic Ion serialization.
@jobarr-amzn jobarr-amzn mentioned this issue Nov 30, 2020
Merged
cowtowncoder pushed a commit that referenced this issue Nov 30, 2020
@jobarr-amzn @cowtowncoder
Reference to #149 in CBORParser should be #124
4925c41 
#124 relates to a CBOR invalid integer value issue, whereas #149 is about polymorphic Ion serialization.
cowtowncoder pushed a commit that referenced this issue Nov 30, 2020
@jobarr-amzn @cowtowncoder
Reference to #149 in CBORParser should be #124
08b1d5d 
#124 relates to a CBOR invalid integer value issue, whereas #149 is about polymorphic Ion serialization.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cbor
Projects
None yet
Milestone
2.9.3
Development

No branches or pull requests
2 participants
@cowtowncoder @JacekLach