Long escaped tag URI sequences throw BufferOverflowException
GoogleCodeExporter opened this issue · 3 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
Attempt to load a YAML document containing a long sequence of tag URI escape
characters (%HH), at least 257 characters long. A test case:
/**
* Try loading a tag with a very long escaped URI section (over 256 bytes' worth).
* @throws IOException
*/
public void testLongURIEscape () throws IOException {
YamlLoader loader = new YamlLoader();
// Create a long escaped string by exponential growth...
String longEscURI = "%41"; // capital A...
for ( int i = 0; i < 10; ++i ) {
longEscURI = longEscURI + longEscURI;
}
String yaml = "foo: !<"+longEscURI+">";
try {
loader.load ( yaml );
} catch ( Exception e ) {
assertTrue (
"Exception must be due to bad tag, not due to buffer overflow but was "+e.getClass(),
e instanceof ConstructorException
);
}
}
(The ConstructorException is expected as there is no class with a name
consisting of 1024 upper-case "A" characters.)
Instead of blindly allocating 256 bytes of buffer and hoping that works, detect
the exact length we will need by looking ahead.
A patch file that fixes the issue is attached.
Original issue reported on code.google.com by JordanAn...@gmail.com on 2 Mar 2011 at 8:00
Attachments:
GoogleCodeExporter commented
I have changed the test to be successful.
The patch is slightly changed to start with 1.
Original comment by py4fun@gmail.com on 3 Mar 2011 at 1:15
- Changed state: Started
- Added labels: ****
- Removed labels: ****
GoogleCodeExporter commented
Agreed.
Original comment by JordanAn...@gmail.com on 3 Mar 2011 at 1:21
- Added labels: ****
- Removed labels: ****
GoogleCodeExporter commented
Original comment by py4fun@gmail.com on 3 Mar 2011 at 4:17
- Changed state: Fixed
- Added labels: ****
- Removed labels: ****