Fixes #437: catch and re-throw NPE (#438)

cowtowncoder · web-flow · commit 18b9655f47a6 · 2024-01-01T15:19:40.000-08:00
diff --git a/ion/src/main/java/com/fasterxml/jackson/dataformat/ion/IonParser.java b/ion/src/main/java/com/fasterxml/jackson/dataformat/ion/IonParser.java
@@ -593,8 +593,8 @@ public JsonToken nextToken() throws IOException
         } catch (IonException e) {
             return _reportCorruptContent(e);
 
-        } catch (IndexOutOfBoundsException | AssertionError e) {
-            // [dataformats-binary#420]: IonJava leaks IOOBEs so:
+        } catch (AssertionError | IndexOutOfBoundsException | NullPointerException e) {
+            // [dataformats-binary#420]: IonJava leaks IOOBEs, catch
             // [dataformats-binary#432]: AssertionError if we're trying to get the text
             //   with a symbol id less than or equals to 0.
             return _reportCorruptContent(e);
diff --git a/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/fuzz/Fuzz434_65268_65274_NPETest.java b/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/fuzz/Fuzz434_65268_65274_NPETest.java
@@ -24,7 +24,8 @@ public class Fuzz434_65268_65274_NPETest
     // Test that used to fail on "getNumberType()" for `JsonToken.VALUE_NULL`
     @Test
     public void testFuzz65268() throws Exception {
-        try (InputStream in = getClass().getResourceAsStream("/data/fuzz-65268.ion")) {
+        final byte[] doc = IonFuzzTestUtil.readResource("/data/fuzz-65268.ion");
+        try (InputStream in = new ByteArrayInputStream(doc)) {
            try (JsonParser p = ION_MAPPER.createParser(in)) {
                assertEquals(JsonToken.VALUE_STRING, p.nextToken());
                p.getText();
@@ -37,10 +38,9 @@ public void testFuzz65268() throws Exception {
 
     @Test
     public void testFuzz65274Malformed() throws Exception {
-        try (InputStream in = getClass().getResourceAsStream("/data/fuzz-65274.ion")) {
-            byte[] invalid = new byte[in.available()];
-            new DataInputStream(in).readFully(invalid);
-            ION_MAPPER.readTree(new ByteArrayInputStream(invalid));
+        final byte[] doc = IonFuzzTestUtil.readResource("/data/fuzz-65274.ion");
+        try {
+            ION_MAPPER.readTree(new ByteArrayInputStream(doc));
             fail("Should not pass (invalid content)");
         } catch (StreamReadException e) {
             assertThat(e.getMessage(), Matchers.containsString("Corrupt content to decode"));
diff --git a/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/fuzz/Fuzz437_65452_NPETest.java b/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/fuzz/Fuzz437_65452_NPETest.java
@@ -0,0 +1,33 @@
+package com.fasterxml.jackson.dataformat.ion.fuzz;
+
+import java.io.*;
+
+import org.hamcrest.Matchers;
+import org.junit.Test;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.exc.StreamReadException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.ion.*;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.fail;
+
+// [dataformats-binary#437]
+public class Fuzz437_65452_NPETest
+{
+    private final ObjectMapper ION_MAPPER = new IonObjectMapper();
+
+    @Test
+    public void testFuzz65452NPE() throws Exception {
+        final byte[] doc = IonFuzzTestUtil.readResource("/data/fuzz-65452.ion");
+        try (InputStream in = new ByteArrayInputStream(doc)) {
+            try (JsonParser p = ION_MAPPER.createParser(in)) {
+                p.nextToken();
+            }
+            fail("Should not pass (invalid content)");
+        } catch (StreamReadException e) {
+            assertThat(e.getMessage(), Matchers.containsString("Corrupt content to decode"));
+        }
+    }
+}
diff --git a/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/fuzz/IonFuzzTestUtil.java b/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/fuzz/IonFuzzTestUtil.java
@@ -0,0 +1,31 @@
+package com.fasterxml.jackson.dataformat.ion.fuzz;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class IonFuzzTestUtil
+{
+    public static byte[] readResource(String ref)
+    {
+       ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+       final byte[] buf = new byte[4000];
+
+       InputStream in = IonFuzzTestUtil.class.getResourceAsStream(ref);
+       if (in != null) {
+           try {
+               int len;
+               while ((len = in.read(buf)) > 0) {
+                   bytes.write(buf, 0, len);
+               }
+               in.close();
+           } catch (IOException e) {
+               throw new RuntimeException("Failed to read resource '"+ref+"': "+e);
+           }
+       }
+       if (bytes.size() == 0) {
+           throw new IllegalArgumentException("Failed to read resource '"+ref+"': empty resource?");
+       }
+       return bytes.toByteArray();
+    }
+}
diff --git a/ion/src/test/resources/data/fuzz-65452.ion b/ion/src/test/resources/data/fuzz-65452.ion
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -30,6 +30,7 @@ Active maintainers:
  (fix contributed by Arthur C)
 #434 (ion) Unexpected `NullPointerException` thrown from `IonParser::getNumberType()`
  (fix contributed by Arthur C)
+#437 (ion) `IonReader.next()` throws NPEs for some invalid content
 - (ion) Update `com.amazon.ion:ion-java` to 1.11.0 (from 1.10.5)
 
 2.16.1 (24-Dec-2023)
