Fix possible IndexOutOfBoundsException

Signed-off-by: Arthur Chan <[email protected]>

src/main/java/com/fasterxml/jackson/dataformat/xml/XmlFactory.java

@@ -665,6 +665,8 @@ protected FromXmlParser _createParser(byte[] data, int offset, int len, IOContex
             }
         } catch (XMLStreamException e) {
             return StaxUtil.throwAsParseException(e, null);
+        } catch (IndexOutOfBoundsException e) {
+            throw new JsonParseException(null, "Invalid input data.", e);
         }
         sr = _initializeXmlReader(sr);
         FromXmlParser xp = new FromXmlParser(ctxt, _parserFeatures, _xmlParserFeatures,

src/main/java/com/fasterxml/jackson/dataformat/xml/deser/FromXmlParser.java

@@ -714,7 +714,13 @@ public JsonToken nextToken() throws IOException
             return t;
         }
 
-        int token = _nextToken();
+        int token;
+
+        try {
+            token = _nextToken();
+        } catch (IndexOutOfBoundsException e) {
+            throw new JsonParseException(this, "Invalid xml input", e);
+        }
         // Need to have a loop just because we may have to eat/convert
         // a start-element that indicates an array element.
         while (token == XmlTokenStream.XML_START_ELEMENT) {

src/main/java/com/fasterxml/jackson/dataformat/xml/deser/XmlDeserializationContext.java

@@ -3,6 +3,7 @@
 import java.io.IOException;
 
 import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonToken;
 import com.fasterxml.jackson.databind.*;
 import com.fasterxml.jackson.databind.cfg.CacheProvider;
@@ -97,13 +98,19 @@ public Object readRootValue(JsonParser p, JavaType valueType,
     {
         // 18-Sep-2021, tatu: Complicated mess; with 2.12, had [dataformat-xml#374]
         //    to disable handling. With 2.13, via [dataformat-xml#485] undid this change
-        if (_config.useRootWrapping()) {
-            return _unwrapAndDeserialize(p, valueType, deser, valueToUpdate);
-        }
-        if (valueToUpdate == null) {
-            return deser.deserialize(p, this);
+        try {
+            if (_config.useRootWrapping()) {
+                return _unwrapAndDeserialize(p, valueType, deser, valueToUpdate);
+            }
+            if (valueToUpdate == null) {
+                return deser.deserialize(p, this);
+            }
+            return deser.deserialize(p, this, valueToUpdate);
+        } catch (IndexOutOfBoundsException e) {
+            // If value is invalid without end character, the deserialize will
+            //     read pass the array bound and throws IndexOutOfBoundException
+            throw new JsonParseException(p, "Invalid value with missing JsonToken.END_OBJECT.", e);
         }
-        return deser.deserialize(p, this, valueToUpdate);
     }
 
     // To support case where XML element has attributes as well as CDATA, need

src/test/java/com/fasterxml/jackson/dataformat/xml/deser/TestDeserialization.java

@@ -2,11 +2,14 @@
 
 import com.fasterxml.jackson.annotation.JsonRootName;
 
+import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.dataformat.xml.XmlMapper;
 import com.fasterxml.jackson.dataformat.xml.XmlTestBase;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlText;
 
+import java.nio.file.*;
+
 public class TestDeserialization extends XmlTestBase
 {
     static class AttributeBean
@@ -120,4 +123,19 @@ public void testWithAttribute219Line() throws Exception
         assertNotNull(result);
         assertEquals("138", result.amount);
     }
+
+    public void testwithInvalidXml() throws Exception
+    {
+        try {
+            for (int i = 1; i <= 3; i++) {
+                String path = "src/test/java/com/fasterxml/jackson/dataformat/xml/deser/invalid_xml_" + i;
+                MAPPER.readTree(Files.readAllBytes(Paths.get(path)));
+             }
+        } catch (Exception e) {
+            // Should throw JsonParseException if provided input is invalid.
+            if (!(e instanceof JsonParseException)) {
+                throw e;
+            }
+        }
+    }
 }

src/test/java/com/fasterxml/jackson/dataformat/xml/deser/invalid_xml_1

@@ -0,0 +1,144 @@
+<xx>http://www.w3.org/2002/XMLS#PCDATAnnsctae<va><x><n xmlns:x="http://w%w.w3.org/2001/XMLSchema-instance" x:nil="true">
+
+w.w3.javax.01/XMLaA
+/Xtp://www.w3.javax.01/XMLachuma-ins&lt;e<U><D>#
+A
+/XM 
+<MM.><y><na3 U=""><P><c><va><x><n xmlns:x="http://w%w.w3.org/200
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+1/XML" x:nil="true">
+
+w.w3.javax.01/XMLaA
+/Xtp://www.w3.javax.01/XMLachuma-ins&lt;e<U><D>#
+A
+/XM 
+
+
+h><Isd4>c<p1><s4><ex>r<iw><xnnd8 fx=""><xd>%<_d-><j7><V><d M="" Nb=""><g><S>�si
+
+h><Isd3>c<p1><s4><ex>r<iw><xnnd8 fx=""><xd>%<_d-><j7><V><d M="" Nb=""><g><S>�si><di><r><nQ>'<a N=""><qllll