Skip to content

DataContractJsonSerializer.ReadObject throws IndexOutOfRangeException #1410

New issue
New issue
Closed
Closed
DataContractJsonSerializer.ReadObject throws IndexOutOfRangeException#1410
Labels
area-Serializationbug
Milestone
Future
@Metalnem

Description

@Metalnem
Metalnem
opened on Feb 9, 2019

DataContractJsonSerializer.ReadObject sometimes throws IndexOutOfRangeException. Here's the full program that reproduces this:

using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Text;

namespace CoreFX.Fuzz
{
  public class Program
  {
    public static void Main(string[] args)
    {
      var json = @"{""a"":N2,]}";
      var bytes = Encoding.UTF8.GetBytes(json);
      var stream = new MemoryStream(bytes);
      var serializer = new DataContractJsonSerializer(typeof(object));

      serializer.ReadObject(stream);
    }
  }
}

The stack trace:

Exception has occurred: CLR/System.IndexOutOfRangeException
An unhandled exception of type 'System.IndexOutOfRangeException' occurred in System.Private.DataContractSerialization.dll: 'Index was outside the bounds of the array.'
   at System.Runtime.Serialization.Json.XmlJsonReader.ExitJsonScope()
   at System.Runtime.Serialization.Json.XmlJsonReader.Read()
   at System.Xml.XmlBaseReader.ReadEndElement()
   at System.Runtime.Serialization.Json.JsonClassDataContract.ReadJsonValueCore(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)
   at System.Runtime.Serialization.Json.JsonDataContract.ReadJsonValue(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)
   at System.Runtime.Serialization.Json.XmlObjectSerializerReadContextComplexJson.ReadDataContractValue(DataContract dataContract, XmlReaderDelegator reader)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator reader, String name, String ns, DataContract& dataContract)
   at System.Runtime.Serialization.XmlObjectSerializerReadContextComplex.InternalDeserialize(XmlReaderDelegator xmlReader, Type declaredType, DataContract dataContract, String name, String ns)
   at System.Runtime.Serialization.Json.DataContractJsonSerializerImpl.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName)
   at System.Runtime.Serialization.XmlObjectSerializer.InternalReadObject(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.Json.DataContractJsonSerializerImpl.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializerImpl.ReadObject(Stream stream)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)

The environment:

.NET Core SDK (reflecting any global.json):
 Version:   2.2.103
 Commit:    8edbc2570a

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  10.14
 OS Platform: Darwin
 RID:         osx.10.14-x64
 Base Path:   /usr/local/share/dotnet/sdk/2.2.103/

Found via SharpFuzz.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-Serializationbug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions