handle buffer reading

rene-ye · rene-ye · commit 11e2bf4212ca · 2018-07-19T11:52:04.000-07:00
for invalid buffer input by user
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/Geography.java b/src/main/java/com/microsoft/sqlserver/jdbc/Geography.java
@@ -7,6 +7,7 @@
 
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
+import java.text.MessageFormat;
 
 
 public class Geography extends SQLServerSpatialDatatype {
@@ -368,10 +369,10 @@ protected void serializeToWkb(boolean noZM) {
         return;
     }
 
-    protected void parseWkb() {
-        srid = buffer.getInt();
-        version = buffer.get();
-        serializationProperties = buffer.get();
+    protected void parseWkb() throws SQLServerException {
+        srid = readInt();
+        version = readByte();
+        serializationProperties = readByte();
 
         interpretSerializationPropBytes();
         readNumberOfPoints();
@@ -402,11 +403,17 @@ protected void parseWkb() {
         }
     }
 
-    private void readPoints() {
-        points = new double[2 * numberOfPoints];
+    private void readPoints() throws SQLServerException {
+        try {//if no limit of points is allowed, this should be an array of arrays
+            points = new double[2 * numberOfPoints];
+        } catch (NegativeArraySizeException | OutOfMemoryError e) {
+            MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_ParsingError"));
+            Object[] msgArgs = {JDBCType.VARBINARY};//should throw some kind of 'array size too large error here'
+            throw new SQLServerException(this, form.format(msgArgs), null, 0, false);
+        }
         for (int i = 0; i < numberOfPoints; i++) {
-            points[2 * i + 1] = buffer.getDouble();
-            points[2 * i] = buffer.getDouble();
+            points[2 * i + 1] = readDouble();
+            points[2 * i] = readDouble();
         }
     }
 }
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/Geometry.java b/src/main/java/com/microsoft/sqlserver/jdbc/Geometry.java
@@ -369,10 +369,10 @@ protected void serializeToWkb(boolean noZM) {
         return;
     }
 
-    protected void parseWkb() {
-        srid = buffer.getInt();
-        version = buffer.get();
-        serializationProperties = buffer.get();
+    protected void parseWkb() throws SQLServerException {
+        srid = readInt();
+        version = readByte();
+        serializationProperties = readByte();
 
         interpretSerializationPropBytes();
         readNumberOfPoints();
@@ -403,11 +403,11 @@ protected void parseWkb() {
         }
     }
 
-    private void readPoints() {
+    private void readPoints() throws SQLServerException {
         points = new double[2 * numberOfPoints];
         for (int i = 0; i < numberOfPoints; i++) {
-            points[2 * i] = buffer.getDouble();
-            points[2 * i + 1] = buffer.getDouble();
+            points[2 * i] = readDouble();
+            points[2 * i + 1] = readDouble();
         }
     }
 }
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerSpatialDatatype.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerSpatialDatatype.java
@@ -6,6 +6,7 @@
 package com.microsoft.sqlserver.jdbc;
 
 import java.math.BigDecimal;
+import java.nio.BufferUnderflowException;
 import java.nio.ByteBuffer;
 import java.text.MessageFormat;
 import java.util.ArrayList;
@@ -98,7 +99,7 @@ abstract class SQLServerSpatialDatatype {
      * corresponding data structures.
      * 
      */
-    protected abstract void parseWkb();
+    protected abstract void parseWkb() throws SQLServerException;
 
     /**
      * Create the WKT representation of Geometry/Geography from the deserialized data.
@@ -1234,71 +1235,82 @@ protected void interpretSerializationPropBytes() {
         isLargerThanHemisphere = (serializationProperties & isLargerThanHemisphereMask) != 0;
     }
 
-    protected void readNumberOfPoints() {
+    protected void readNumberOfPoints() throws SQLServerException {
         if (isSinglePoint) {
             numberOfPoints = 1;
         } else if (isSingleLineSegment) {
             numberOfPoints = 2;
         } else {
-            numberOfPoints = buffer.getInt();
+            numberOfPoints = readInt();
+            if (numberOfPoints <= 0) {
+                MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_ParsingError"));
+                Object[] msgArgs = {JDBCType.VARBINARY};
+                throw new SQLServerException(this, form.format(msgArgs), null, 0, false);
+            }
         }
     }
 
-    protected void readZvalues() {
+    protected void readZvalues() throws SQLServerException {
         zValues = new double[numberOfPoints];
         for (int i = 0; i < numberOfPoints; i++) {
-            zValues[i] = buffer.getDouble();
+            zValues[i] = readDouble();
         }
     }
 
-    protected void readMvalues() {
+    protected void readMvalues() throws SQLServerException {
         mValues = new double[numberOfPoints];
         for (int i = 0; i < numberOfPoints; i++) {
-            mValues[i] = buffer.getDouble();
+            mValues[i] = readDouble();
         }
     }
 
-    protected void readNumberOfFigures() {
-        numberOfFigures = buffer.getInt();
+    protected void readNumberOfFigures() throws SQLServerException {
+        numberOfFigures = readInt();
     }
 
-    protected void readFigures() {
+    protected void readFigures() throws SQLServerException {
         byte fa;
         int po;
         figures = new Figure[numberOfFigures];
         for (int i = 0; i < numberOfFigures; i++) {
-            fa = buffer.get();
-            po = buffer.getInt();
+            fa = readByte();
+            po = readInt();
             figures[i] = new Figure(fa, po);
         }
     }
 
-    protected void readNumberOfShapes() {
-        numberOfShapes = buffer.getInt();
+    protected void readNumberOfShapes() throws SQLServerException {
+        numberOfShapes = readInt();
     }
 
-    protected void readShapes() {
+    protected void readShapes() throws SQLServerException {
         int po;
         int fo;
         byte ogt;
         shapes = new Shape[numberOfShapes];
         for (int i = 0; i < numberOfShapes; i++) {
-            po = buffer.getInt();
-            fo = buffer.getInt();
-            ogt = buffer.get();
+            po = readInt();
+            fo = readInt();
+            ogt = readByte();
             shapes[i] = new Shape(po, fo, ogt);
         }
     }
 
-    protected void readNumberOfSegments() {
-        numberOfSegments = buffer.getInt();
+    protected void readNumberOfSegments() throws SQLServerException {
+        numberOfSegments = readInt();
     }
 
-    protected void readSegments() {
+    protected void readSegments() throws SQLServerException {
         byte st;
-        segments = new Segment[numberOfSegments];
+        try {
+            segments = new Segment[numberOfSegments];
+        } catch (NegativeArraySizeException | OutOfMemoryError e) {
+            MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_ParsingError"));
+            Object[] msgArgs = {JDBCType.VARBINARY};//should throw some kind of 'array size too large error here'
+            throw new SQLServerException(this, form.format(msgArgs), null, 0, false);
+        }
         for (int i = 0; i < numberOfSegments; i++) {
-            st = buffer.get();
+            st = readByte();
             segments[i] = new Segment(st);
         }
     }
@@ -1646,6 +1658,29 @@ private void skipWhiteSpaces() {
             currentWktPos++;
         }
     }
+    
+    private void checkBuffer(int i) throws SQLServerException {
+        if (buffer.remaining() < i) {
+            MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_ParsingError"));
+            Object[] msgArgs = {JDBCType.VARBINARY};//invalid buffer error message maybe?
+            throw new SQLServerException(this, form.format(msgArgs), null, 0, false);
+        }
+    }
+    
+    protected byte readByte() throws SQLServerException {
+        checkBuffer(1);
+        return buffer.get();
+    }
+    
+    protected int readInt() throws SQLServerException {
+        checkBuffer(4);
+        return buffer.getInt();
+    }
+    
+    protected double readDouble() throws SQLServerException {
+        checkBuffer(8);
+        return buffer.getDouble();
+    }
 }
 
 

Original file line number	Diff line number	Diff line change
`@@ -369,10 +369,10 @@ protected void serializeToWkb(boolean noZM) {`
`369`	`369`	`return;`
`370`	`370`	`}`
`371`	`371`
`372`		`- protected void parseWkb() {`
`373`		`- srid = buffer.getInt();`
`374`		`- version = buffer.get();`
`375`		`- serializationProperties = buffer.get();`
	`372`	`+ protected void parseWkb() throws SQLServerException {`
	`373`	`+ srid = readInt();`
	`374`	`+ version = readByte();`
	`375`	`+ serializationProperties = readByte();`
`376`	`376`
`377`	`377`	`interpretSerializationPropBytes();`
`378`	`378`	`readNumberOfPoints();`
`@@ -403,11 +403,11 @@ protected void parseWkb() {`
`403`	`403`	`}`
`404`	`404`	`}`
`405`	`405`
`406`		`- private void readPoints() {`
	`406`	`+ private void readPoints() throws SQLServerException {`
`407`	`407`	`points = new double[2 * numberOfPoints];`
`408`	`408`	`for (int i = 0; i < numberOfPoints; i++) {`
`409`		`- points[2 * i] = buffer.getDouble();`
`410`		`- points[2 * i + 1] = buffer.getDouble();`
	`409`	`+ points[2 * i] = readDouble();`
	`410`	`+ points[2 * i + 1] = readDouble();`
`411`	`411`	`}`
`412`	`412`	`}`
`413`	`413`	`}`