Skip to content

Backport fix for #598: (protobuf) Protobuf parser state handling wrong for implicit close (END_OBJECT)#706

Open
cowtowncoder wants to merge 1 commit into
2.21from
backport-598-protobuf-end-object-2.21
Open

Backport fix for #598: (protobuf) Protobuf parser state handling wrong for implicit close (END_OBJECT)#706
cowtowncoder wants to merge 1 commit into
2.21from
backport-598-protobuf-end-object-2.21

Conversation

@cowtowncoder

@cowtowncoder cowtowncoder commented Jul 1, 2026

Copy link
Copy Markdown
Member

Summary

Backports the fix for #598 to the 2.21 maintenance branch (ported from the 3.x fix, adapted to the com.fasterxml.jackson.* package namespace).

  • ProtobufParser previously reported the implicit root-level END_OBJECT and called close() in the same step. This worked in most cases, but conflicted with the ParserBase.close() behavior fixed in jackson-core#1438 (current token no longer reset on close()), since dataformats-binary 2.20 already picked up that jackson-core fix.
  • Adds a new STATE_ROOT_END parser state so that returning END_OBJECT and closing the parser become two separate steps: nextToken()/nextFieldName() first return END_OBJECT while leaving the parser open (isClosed() == false, getCurrentToken() == END_OBJECT), and only close the parser on the following call.

Also includes two small unrelated hardening fixes found while working in the same area:

  • Guard against integer overflow when computing packed-array and nested-message end offsets in ProtobufParser (_inputPtr + len could wrap for maliciously large lengths).
  • Fix ProtobufField.compareTo() to use Integer.compare(id, other.id) instead of id - other.id, which could overflow for extreme tag values.

…t close (END_OBJECT)

Add STATE_ROOT_END so that the parser separates returning the
implicit root-level END_OBJECT from actually closing the underlying
input/parser, matching jackson-core#1438 semantics. Also add
integer-overflow guards for packed-array and message length decoding,
and fix ProtobufField.compareTo() to use Integer.compare() instead of
subtraction.
@cowtowncoder cowtowncoder changed the title Fix #598: (protobuf) Protobuf parser state handling wrong for implicit close (END_OBJECT) Backport fix for #598: (protobuf) Protobuf parser state handling wrong for implicit close (END_OBJECT) Jul 2, 2026
@cowtowncoder cowtowncoder added this to the 2.21.5 milestone Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant