Fix issue 454: Wrap unexpected NumberFormatException (#455)

FasterXML · Jan 18, 2024 · 1ca2e8f · 1ca2e8f
1 parent 2cd53c4
commit 1ca2e8f
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 3 deletions.
diff --git a/release-notes/CREDITS-2.x b/release-notes/CREDITS-2.x
@@ -250,6 +250,8 @@ Arthur Chan (arthurscchan@github)
 * Contributed fix for #445: `YAMLParser` throws unexpected `NullPointerException` in certain
   number parsing cases
  (2.16.1)
+* Contributed fix for #454: (yaml) Unexpected `NumberFormatException` in `YAMLParser`
+ (2.17.0)
 
 Mathieu Lavigne (@mathieu-lavigne)
 

diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -19,6 +19,8 @@ Active Maintainers:
 #45: (csv) Allow skipping ending line break
   (`CsvGenerator.Feature.WRITE_LINEFEED_AFTER_LAST_ROW`)
  (proposed by Mathieu L)
+#454: (yaml) Unexpected `NumberFormatException` in `YAMLParser`
+ (fix contributed by Arthur C)
 
 2.16.1 (24-Dec-2023)
 

diff --git a/yaml/src/main/java/com/fasterxml/jackson/dataformat/yaml/YAMLParser.java b/yaml/src/main/java/com/fasterxml/jackson/dataformat/yaml/YAMLParser.java
@@ -1083,7 +1083,7 @@ protected void _parseNumericValue(int expType) throws IOException
                 len--;
             }
             if (len <= 9) { // definitely fits in int
-                _numberInt = Integer.parseInt(_cleanedTextValue);
+                _numberInt = _decodeInt(_cleanedTextValue, 10);
                 _numTypesValid = NR_INT;
                 return;
             }
@@ -1164,8 +1164,9 @@ protected int _parseIntValue() throws IOException
                 len--;
             }
             if (len <= 9) { // definitely fits in int
+                _numberInt = _decodeInt(_cleanedTextValue, 10);
                 _numTypesValid = NR_INT;
-                return (_numberInt = Integer.parseInt(_cleanedTextValue));
+                return _numberInt;
             }
         }
         _parseNumericValue(NR_INT);
@@ -1239,7 +1240,7 @@ private JsonToken _cleanYamlInt(String str) throws IOException
             }
         }
         _cleanedTextValue = sb.toString();
-        if (_cleanedTextValue.isEmpty()) {
+        if (_cleanedTextValue.isEmpty() || "-".equals(_cleanedTextValue)) {
             _reportError(String.format("Invalid number ('%s')", str));
         }
         return JsonToken.VALUE_NUMBER_INT;

diff --git a/yaml/src/test/java/com/fasterxml/jackson/dataformat/yaml/fuzz/FuzzYAMLRead65855Test.java b/yaml/src/test/java/com/fasterxml/jackson/dataformat/yaml/fuzz/FuzzYAMLRead65855Test.java
@@ -0,0 +1,26 @@
+package com.fasterxml.jackson.dataformat.yaml.fuzz;
+
+import com.fasterxml.jackson.core.*;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import com.fasterxml.jackson.dataformat.yaml.ModuleTestBase;
+
+public class FuzzYAMLRead65855Test extends ModuleTestBase
+{
+    private final ObjectMapper MAPPER = newObjectMapper();
+
+    // https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65855
+    public void testMalformedNumber65855() throws Exception
+    {
+        String doc = "!!int\n-_";
+
+        try (JsonParser p = MAPPER.createParser(doc)) {
+            // Should be triggered by advacing to next token, even without accessing value
+            assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+            fail("Should not pass");
+        } catch (JacksonException e) {
+            verifyException(e, "Invalid number ('-_')");
+        }
+    }
+}