-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Undeclared exceptions thrown by JSON.parse
#3631
Comments
@wenshao |
As the issues reported in this thread were found via fuzzing, I have drafted a PR that would set up fastjson for continuous fuzzing in OSS-Fuzz: google/oss-fuzz#5373 Let me know if you have any questions or concerns. |
@wenshao Sorry, I didn't intend for google/oss-fuzz#5373 to be merged right away. If you want me to make any changes or revert the OSS-Fuzz integration entirely, please let me know. |
While fuzzing
fastjson
in version 1.2.75, I found 4 cases of undeclared exceptions (i.e., exceptions other than JSONException).The crashes can be reproduced with the following standalone Java applications, which require fastjson-1.2.75.jar from https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.75/fastjson-1.2.75.jar in the classpath.
Issue 1:
NumberFormatException
Issue 2:
ClassCastException
Issue 3:
ArrayIndexOutOfBoundsException
Issue 4:
ArrayIndexOutOfBoundsException
The text was updated successfully, but these errors were encountered: