In the CBORParser.convertNumberToBigDecimal() method, there is an invocation of the CBORParser.getText() method which could return a null value when there is no more text left in the input. If the result is null, the code will throw a NullPointerException in the next line when the String::length() method is called. The CBORParser.convertNumberToBigDecimal() method is called by the public API CBORParser::nextDecimalValue().
```java
@Override
public BigDecimal getDecimalValue() throws IOException
{
    if ((_numTypesValid & NR_BIGDECIMAL) == 0) {
        if (_numTypesValid == NR_UNKNOWN) {
            _checkNumericValue(NR_BIGDECIMAL);
        }
        if ((_numTypesValid & NR_BIGDECIMAL) == 0) {
            convertNumberToBigDecimal();
        }
    }
    return _numberBigDecimal;
}

protected void convertNumberToBigDecimal() throws IOException
{
    // Note: this MUST start with more accurate representations, since we don't know which
    // value is the original one (others get generated when requested)
    if ((_numTypesValid & (NR_DOUBLE | NR_FLOAT)) != 0) {
        // Let's parse from String representation, to avoid rounding errors that
        // non-decimal floating operations would incur
        final String text = getText();   // may be null when no text is left in the input
        streamReadConstraints().validateFPLength(text.length());   // NullPointerException if text == null
        ...
```
The suggested fix is to add a null check after the invocation of the CBORParser.getText() method and throw an exception if the return value stored in size is indeed null.
We found this issue by OSS-Fuzz and it is reported in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65768.
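The following is an added, self-contained illustration of the defect pattern and the suggested fix; it is not Jackson's code. A minimal parser-like class mirrors the report: `getText()` returns `null` when no token text is buffered, `convertUnchecked()` reproduces the `NullPointerException` on `text.length()`, and `convertChecked()` adds the null check and reports the condition as an `IOException` instead. The `MAX_FP_LENGTH` constant and the `validateFPLength` helper are assumptions standing in for `streamReadConstraints().validateFPLength()`.

```java
import java.io.IOException;
import java.math.BigDecimal;

/**
 * Added illustration (not jackson-dataformats-binary code): reproduces the
 * null-dereference path described in the report and shows the guarded version.
 */
public class NullSafeDecimalConversion {

    // Assumed limit, standing in for streamReadConstraints().validateFPLength()
    private static final int MAX_FP_LENGTH = 1000;

    // null models "no more text left in the input"
    private final String bufferedText;
    private BigDecimal numberBigDecimal;

    NullSafeDecimalConversion(String bufferedText) {
        this.bufferedText = bufferedText;
    }

    /** Mirrors the reported behaviour: may legitimately return null. */
    String getText() {
        return bufferedText;
    }

    /** Shape from the report: dereferences getText() without a null check. */
    BigDecimal convertUnchecked() throws IOException {
        final String text = getText();
        validateFPLength(text.length()); // NullPointerException when text == null
        numberBigDecimal = new BigDecimal(text);
        return numberBigDecimal;
    }

    /** Suggested fix: check for null first and fail with a descriptive exception. */
    BigDecimal convertChecked() throws IOException {
        final String text = getText();
        if (text == null) {
            throw new IOException("No textual representation available for floating-point number");
        }
        validateFPLength(text.length());
        numberBigDecimal = new BigDecimal(text);
        return numberBigDecimal;
    }

    // Assumed stand-in for the stream read constraint on floating-point text length
    private static void validateFPLength(int length) throws IOException {
        if (length > MAX_FP_LENGTH) {
            throw new IOException("Number length (" + length
                    + ") exceeds the maximum allowed (" + MAX_FP_LENGTH + ")");
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: one with buffered text, one with none
        NullSafeDecimalConversion ok = new NullSafeDecimalConversion("3.14159");
        NullSafeDecimalConversion empty = new NullSafeDecimalConversion(null);

        System.out.println("checked, text present : " + ok.convertChecked());

        try {
            empty.convertUnchecked();
        } catch (NullPointerException e) {
            System.out.println("unchecked, no text    : NullPointerException (the reported crash)");
        }

        try {
            empty.convertChecked();
        } catch (IOException e) {
            System.out.println("checked, no text      : IOException: " + e.getMessage());
        }
    }
}
```

The point of the guarded version is that a malformed or truncated input is surfaced to the caller as a parse error on the parser's declared exception path (`IOException`), rather than as an unchecked `NullPointerException` escaping from the public `getDecimalValue()` API.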