Details
Bug
Status: Resolved
Major
Resolution: Fixed
2.0.0.AM26
None
Description
Class: StringSerializer
Method: deserialize()
I performed fuzz testing of the deserialize() method of the StringSerializer class. As a result of the fuzz test, there is an ArrayIndexOutOfBoundsException:
INFO: A corpus is not provided, starting from an empty corpus
== Java Exception: java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
    at org.apache.directory.server.core.partition.impl.btree.jdbm.StringSerializer.deserialize(StringSerializer.java:66)
    at fuzzing.StringSerializer.DeSerializeFuzzer.fuzzerTestOneInput(DeSerializeFuzzer.java:33)
DEDUP_TOKEN: 4c1c61d09464ed94
== libFuzzer crashing input ==
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0xa,
\012
artifact_prefix='StringSerializer-'; Test unit written to StringSerializer-crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
Base64: Cg==
stat::number_of_executed_units: 2
stat::average_exec_per_sec: 0
stat::new_units_added: 0
stat::slowest_unit_time_sec: 0
stat::peak_rss_mb: 886
reproducer_path='fuzzing/StringSerializer/repro'; Java reproducer written to fuzzing/StringSerializer/repro/Crash_adc83b19e793491b1c6ea0fd8b46cd9f32e592fc.java
Perhaps you should add other exception types (or the base Exception) to the deserialize() function signature, or wrap the specified methods in try/catch blocks?
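An added example, not part of the original report and not the ApacheDS code: it feeds the crashing input from the log above (Base64 `Cg==`, the single byte 0x0a) to a length-trusting decoder and to a length-validating one that reports malformed input as a checked IOException. The class name, both methods and the two-bytes-per-char format are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Base64;

public class DeserializeBoundsExample {
    // Hypothetical stand-in, NOT the ApacheDS StringSerializer: assumes a
    // format of two big-endian bytes per char and trusts the input length.
    static String naiveDeserialize(byte[] in) {
        char[] out = new char[(in.length + 1) / 2];
        for (int i = 0, j = 0; i < in.length; i += 2, j++) {
            // On odd-length input, in[i + 1] reads one byte past the end.
            out[j] = (char) (((in[i] & 0xFF) << 8) | (in[i + 1] & 0xFF));
        }
        return new String(out);
    }

    // Same assumed format, but malformed input surfaces as the declared
    // checked IOException instead of an unchecked runtime exception.
    static String checkedDeserialize(byte[] in) throws IOException {
        if (in == null) {
            throw new IOException("null input");
        }
        if ((in.length & 1) != 0) {
            throw new IOException("truncated input: odd length " + in.length);
        }
        char[] out = new char[in.length / 2];
        for (int j = 0; j < out.length; j++) {
            out[j] = (char) (((in[2 * j] & 0xFF) << 8) | (in[2 * j + 1] & 0xFF));
        }
        return new String(out);
    }

    public static void main(String[] args) throws IOException {
        // Crashing input taken from the fuzz log: Base64 "Cg==" is the byte 0x0a.
        byte[] crash = Base64.getDecoder().decode("Cg==");
        try {
            naiveDeserialize(crash);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("naive:   " + e);
        }
        try {
            checkedDeserialize(crash);
        } catch (IOException e) {
            System.out.println("checked: " + e.getMessage());
        }
        // Constructed well-formed input: two chars, 'A' and 'B'.
        System.out.println("valid:   " + checkedDeserialize(new byte[] {0x00, 0x41, 0x00, 0x42}));
    }
}
```

Validating the length up front keeps the failure inside the method's declared exception contract, so callers that already handle IOException do not need a separate catch for runtime exceptions.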