Infinite loop during decode
fatboyfitz opened this issue · 5 comments
Decoding certain byte strings causes an infinite loop in MapDecoder.decodeInfinitiveLength(). The issue is that the input stream is exhausted, so decodeNext() always returns null. Null is never checked for an exit condition to the infinite loop. The data is not well formed CBOR, I realize, but I assumed that the decoder should throw an exception for malformed input.
Below is a base64 encoded byte string which triggers the problem and example code which shows the issue.
v0W5jpZleP8=
CBORInfiniteLoop.java.gz
@fatboyfitz Thanks for reporting. Could you please send a pull request to fix it? I'll merge it quickly and release a new version then.
I will try to make a patch. I'm not sure of the appropriate fix. My first thought was to throw exception when end-of-stream is detected in the decodeNext method, but I have not looked back at all the callers to see how everyone handles the null response it currently emits. If that's not the right place, then providing a specific fix for the decodeInfinitiveLength method seems straightforward enough.
@c-rack If you have any insight as to where I should focus the fix, please advise. Otherwise I will fork, fix, and send you a pull request as my work schedule allows.
@fatboyfitz You could first send a pull request which introduces a failing unit test. I guess that should be easy. Then, another pull request (by you or by me) can provide the actual fix.
Quickly scanning the code, we already have a detection for unexpected end of streams:
https://github.com/c-rack/cbor-java/blob/master/src/main/java/co/nstant/in/cbor/decoder/MapDecoder.java#L37-L39
Maybe your unit test reveals why this is not working.
My apologies - this was fixed in a later release than I was testing against. The GitHub releases page only shows up to 0.7, which is what I was using. The latest on master has the check you mention and does indeed catch this problem.
You're welcome!
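
The end-of-stream check discussed in this thread, as an added example that is not part of the issue and not cbor-java code: a minimal stand-alone reader (the class and method names are hypothetical) that understands only short definite-length byte strings and the break byte, run on the base64 sample from the report. It assumes Java 11 or later for `InputStream.readNBytes`.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Base64;

// Added illustration, not the library's implementation. Supports only
// byte strings of length < 24 (major type 2) and the break byte 0xFF.
public class IndefiniteMapEofDemo {
    static final Object BREAK = new Object();

    // Like the decodeNext() described in the issue: null at end of stream.
    static Object decodeNext(InputStream in) throws IOException {
        int b = in.read();
        if (b == -1) return null;
        if (b == 0xFF) return BREAK;
        int len = b & 0x1F;
        if ((b >> 5) != 2 || len >= 24) throw new IOException("unsupported initial byte");
        byte[] data = in.readNBytes(len);
        if (data.length != len) throw new IOException("truncated byte string");
        return data;
    }

    // Every iteration consumes input, returns at a break, or throws, so an
    // exhausted stream can never spin the loop. A strict decoder would also
    // reject a break in the value position; it is tolerated here so the
    // sample reaches the end-of-stream case the issue describes.
    static int readIndefiniteMap(InputStream in) throws IOException {
        if (in.read() != 0xBF) throw new IOException("not an indefinite-length map");
        int pairs = 0;
        while (true) {
            Object key = decodeNext(in);
            if (key == BREAK) return pairs;
            if (key == null) throw new IOException("unexpected end of stream");
            Object value = decodeNext(in);
            if (value == null) throw new IOException("unexpected end of stream");
            pairs++;
        }
    }

    public static void main(String[] args) {
        byte[] sample = Base64.getDecoder().decode("v0W5jpZleP8="); // bytes from the report
        try {
            System.out.println("pairs: " + readIndefiniteMap(new ByteArrayInputStream(sample)));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the two null checks, the loop body would keep receiving null for both key and value once the stream is exhausted, which is the non-terminating behaviour the report describes.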