From 373865414cf4baf6bc06e3e268fd4ac921bc9517 Mon Sep 17 00:00:00 2001
From: Tatu Saloranta
Date: Fri, 2 Jul 2021 12:50:28 -0700
Subject: [PATCH] Fix #288
---
 .../jackson/dataformat/cbor/CBORParser.java | 5 ++++
 .../Fuzz288_35750_NonCanonicalNameTest.java | 28 +++++++++++++++++++
 release-notes/VERSION-2.x | 1 +
 3 files changed, 34 insertions(+)
 create mode 100644 cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/fuzz/Fuzz288_35750_NonCanonicalNameTest.java
diff --git a/cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java b/cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java
index 3f1088cb4..ba0d3f407 100644
--- a/cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java
+++ b/cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java
@@ -2697,6 +2697,11 @@ private final String _decodeShortName(int len) throws IOException
 private final String _decodeLongerName(int len) throws IOException
 {
+ // [dataformats-binary#288]: non-canonical length of 0 needs to be
+ // dealt with
+ if (len == 0) {
+ return "";
+ }
 // Do we have enough buffered content to read?
 if ((_inputEnd - _inputPtr) < len) {
 // or if not, could we read?
diff --git a/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/fuzz/Fuzz288_35750_NonCanonicalNameTest.java b/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/fuzz/Fuzz288_35750_NonCanonicalNameTest.java
new file mode 100644
index 000000000..212a1be90
--- /dev/null
+++ b/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/fuzz/Fuzz288_35750_NonCanonicalNameTest.java
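Review bot: The new `if (len == 0)` guard in `_decodeLongerName` protects only this one entry point, while the release note in this commit places the uncaught exception in `_findDecodedFromSymbols()`, which is not visible here; if that method can be reached from other callers, a length check inside it would cover all of them. The guard also tests for exactly zero, so a negative `len` would pass both it and the `(_inputEnd - _inputPtr) < len` comparison that follows. Whether the length decoder can produce a negative value is not shown in this hunk, but rejecting it here is cheap, for example `if (len < 0) { _reportError("Invalid negative length for name: " + len); }`. The body of `_decodeLongerName` continues past the end of the hunk.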
@@ -0,0 +1,28 @@
+package com.fasterxml.jackson.dataformat.cbor.fuzz;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.cbor.CBORTestBase;
+
+public class Fuzz288_35750_NonCanonicalNameTest extends CBORTestBase
+{
+ private final ObjectMapper MAPPER = cborMapper();
+
+ // [dataformats-binary#288]: non-canonical representation for length of 0
+ // causing ArrayOutOfBoundsException
+ public void testInvalidLongName() throws Exception
+ {
+ final byte[] input = new byte[] {
+ (byte) 0x8A,
+ (byte) 0xAD, 0x7A, 0x00,
+ 0x00, 0x00, 0x00
+ };
+
+ try (JsonParser p = MAPPER.createParser(input)) {
+ assertToken(JsonToken.START_ARRAY, p.nextToken());
+ assertToken(JsonToken.START_OBJECT, p.nextToken());
+ assertToken(JsonToken.FIELD_NAME, p.nextToken());
+ }
+ }
+}
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index 2070412a7..627518365 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -13,6 +13,7 @@ Modules:
 2.12.4 (not yet released)
 #287: (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+#288: (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer)
 2.12.3 (12-Apr-2021)
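Review bot: `testInvalidLongName` stops at asserting the `FIELD_NAME` token and never checks the decoded name, so it would still pass if the zero-length path returned something other than the empty string. Adding `assertEquals("", p.getCurrentName());` after the last `assertToken` pins the behaviour the fix introduces, assuming `assertEquals` is inherited through `CBORTestBase`, which is not visible here. The comment above the test names `ArrayOutOfBoundsException`; the JDK class is `ArrayIndexOutOfBoundsException`, and spelling it out makes the regression easier to search for. A short comment on the input bytes would also help the next reader, e.g. `// 0x7A: text string with 4-byte length, here encoded as zero (non-canonical)`.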