Fix a out of bounds exception when writing to the outBuf (#643)

sugmanue · web-flow · commit 0dce23bc5996 · 2025-12-19T14:04:58.000-08:00
diff --git a/cbor/src/main/java/tools/jackson/dataformat/cbor/CBORParser.java b/cbor/src/main/java/tools/jackson/dataformat/cbor/CBORParser.java
@@ -2592,7 +2592,7 @@ private final int _finishLongTextAscii(int len) throws JacksonException
         int outPtr = 0;
         while (len > 0) {
             // load as much input as possible
-            int size = Math.min(len, Math.min(outBuf.length, input.length));
+            int size = Math.min(len, Math.min((outBuf.length - outPtr), input.length));
             if (!_tryToLoadToHaveAtLeast(size)) {
                 return len;
             }
diff --git a/cbor/src/test/java/tools/jackson/dataformat/cbor/parse/ParseLongAsciiTextTest.java b/cbor/src/test/java/tools/jackson/dataformat/cbor/parse/ParseLongAsciiTextTest.java
@@ -20,22 +20,30 @@ public class ParseLongAsciiTextTest extends CBORTestBase
     @Test
     public void testLongNonChunkedAsciiText() throws Exception
     {
-        try (JsonParser p = CBOR_F.createParser(ObjectReadContext.empty(),
-                this.getClass().getResourceAsStream("/data/macbeth-snippet-non-chunked.cbor"))) {
-            assertEquals(JsonToken.VALUE_STRING, p.nextToken());
-            String expected = new String(readResource("/data/macbeth-snippet.txt"), "UTF-8");
-            assertEquals(expected, p.getString());
+        // run several times to allow the internal buffers
+        // to grow
+        for (int x = 0; x < 3 ; x++) {
+            try (JsonParser p = CBOR_F.createParser(ObjectReadContext.empty(),
+                    this.getClass().getResourceAsStream("/data/macbeth-snippet-non-chunked.cbor"))) {
+                assertEquals(JsonToken.VALUE_STRING, p.nextToken());
+                String expected = new String(readResource("/data/macbeth-snippet.txt"), "UTF-8");
+                assertEquals(expected, p.getString());
+            }
         }
     }
 
     @Test
     public void testLongChunkedAsciiText() throws Exception
     {
-        try (JsonParser p = CBOR_F.createParser(ObjectReadContext.empty(),
-                this.getClass().getResourceAsStream("/data/macbeth-snippet-chunked.cbor"))) {
-            assertEquals(JsonToken.VALUE_STRING, p.nextToken());
-            String expected = new String(readResource("/data/macbeth-snippet.txt"), StandardCharsets.UTF_8);
-            assertEquals(expected, p.getString());
+        // run several times to allow the internal buffers
+        // to grow
+        for (int x = 0; x < 3 ; x++) {
+            try (JsonParser p = CBOR_F.createParser(ObjectReadContext.empty(),
+                    this.getClass().getResourceAsStream("/data/macbeth-snippet-chunked.cbor"))) {
+                assertEquals(JsonToken.VALUE_STRING, p.nextToken());
+                String expected = new String(readResource("/data/macbeth-snippet.txt"), StandardCharsets.UTF_8);
+                assertEquals(expected, p.getString());
+            }
         }
     }
 }
diff --git a/cbor/src/test/resources/data/macbeth-snippet-chunked.cbor b/cbor/src/test/resources/data/macbeth-snippet-chunked.cbor
@@ -1,4 +1,5 @@
-y�---
+y�The Tragedy of Macbeth, often shortened to Macbeth, is a tragedy by William Shakespeare, estimated to have been first performed in 1606
+---
 Act I, Scene  
 
 A desert place.
@@ -117,11 +118,11 @@ First Witch. Where hast thou been, sister?
 Second Witch. Killing swine.
 Third Witch. Sister, where thou? 
 First Witch. A sailor's wife had chestnuts in her lap,
-And munch'd, and munch'd, and munch'd:-
+And munch'd, and munch'd, any�d munch'd:-
 'Give me,' quoth I:
 'Aroint thee, witch!' the rump-fed ronyon cries.
 Her husband's to Aleppo gone, master o' the Tiger: 
-Buty� in a sieve I'll thither sail,
+But in a sieve I'll thither sail,
 And, like a rat without a tail,
 I'll do, I'll do, and I'll do.
 Second Witch. I'll give thee a wind.
@@ -223,12 +224,13 @@ Nothing afeard of what thyself didst make,
 Strange images of death. As thick as hail
 Came post with post; and every one did bear
 Thy praises in his kingdom's great defence,
-And pour'd them down before him.
+And pour'd them down before himy
+f.
 Angus. We are sent 
 To give thee from our royal master thanks;
 Only to herald thee into his sight,
 Not pay thee.
-Ross. And, for an eary	�nest of a greater honour,
+Ross. And, for an earnest of a greater honour,
 He bade me, from him, call thee thane of Cawdor: 
 In which addition, hail, most worthy thane!
 For it is thine.
diff --git a/cbor/src/test/resources/data/macbeth-snippet-non-chunked.cbor b/cbor/src/test/resources/data/macbeth-snippet-non-chunked.cbor
@@ -1,4 +1,5 @@
-y)---
+y)�The Tragedy of Macbeth, often shortened to Macbeth, is a tragedy by William Shakespeare, estimated to have been first performed in 1606
+---
 Act I, Scene  
 
 A desert place.
diff --git a/cbor/src/test/resources/data/macbeth-snippet.txt b/cbor/src/test/resources/data/macbeth-snippet.txt
@@ -1,3 +1,4 @@
+The Tragedy of Macbeth, often shortened to Macbeth, is a tragedy by William Shakespeare, estimated to have been first performed in 1606
 ---
 Act I, Scene  
 

Original file line number	Diff line number	Diff line change
`@@ -2592,7 +2592,7 @@ private final int _finishLongTextAscii(int len) throws JacksonException`
`2592`	`2592`	`int outPtr = 0;`
`2593`	`2593`	`while (len > 0) {`
`2594`	`2594`	`// load as much input as possible`
`2595`		`- int size = Math.min(len, Math.min(outBuf.length, input.length));`
	`2595`	`+ int size = Math.min(len, Math.min((outBuf.length - outPtr), input.length));`
`2596`	`2596`	`if (!_tryToLoadToHaveAtLeast(size)) {`
`2597`	`2597`	`return len;`
`2598`	`2598`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+The Tragedy of Macbeth, often shortened to Macbeth, is a tragedy by William Shakespeare, estimated to have been first performed in 1606`
`1`	`2`	`---`
`2`	`3`	`Act I, Scene`
`3`	`4`