When decoding corrupted BSON, the driver should throw BsonSerializationException rather than other runtime exceptions.

jyemin · jyemin · commit a08422fe6500 · 2015-06-22T17:05:14.000-04:00
JAVA-1864
diff --git a/bson/src/main/org/bson/io/ByteBufferBsonInput.java b/bson/src/main/org/bson/io/ByteBufferBsonInput.java
@@ -16,12 +16,15 @@
 
 package org.bson.io;
 
+import org.bson.BsonSerializationException;
 import org.bson.ByteBuf;
 import org.bson.types.ObjectId;
 
 import java.nio.ByteOrder;
 import java.nio.charset.Charset;
 
+import static java.lang.String.format;
+
 /**
  * An implementation of {@code BsonInput} that is backed by a {@code ByteBuf}.
  *
@@ -57,45 +60,58 @@ public int getPosition() {
     @Override
     public byte readByte() {
         ensureOpen();
+        ensureAvailable(1);
         return buffer.get();
     }
 
     @Override
     public void readBytes(final byte[] bytes) {
         ensureOpen();
+        ensureAvailable(bytes.length);
         buffer.get(bytes);
     }
 
     @Override
     public void readBytes(final byte[] bytes, final int offset, final int length) {
         ensureOpen();
+        ensureAvailable(length);
         buffer.get(bytes, offset, length);
     }
 
     @Override
     public long readInt64() {
         ensureOpen();
+        ensureAvailable(8);
         return buffer.getLong();
     }
 
     @Override
     public double readDouble() {
         ensureOpen();
+        ensureAvailable(8);
         return buffer.getDouble();
     }
 
     @Override
     public int readInt32() {
         ensureOpen();
+        ensureAvailable(4);
         return buffer.getInt();
     }
 
     @Override
     public String readString() {
         ensureOpen();
         int size = readInt32();
+        if (size <= 0) {
+            throw new BsonSerializationException(format("While decoding a BSON string found a size that is not a positive number: %d",
+                                                        size));
+        }
         byte[] bytes = new byte[size];
         readBytes(bytes);
+        if (bytes[size - 1] != 0) {
+            throw new BsonSerializationException("Found a BSON string that is not null-terminated");
+        }
         return new String(bytes, 0, size - 1, UTF8_CHARSET);
     }
 
@@ -126,7 +142,7 @@ public String readCString() {
 
     private void readUntilNullByte() {
         //CHECKSTYLE:OFF
-        while (buffer.get() != 0) { //NOPMD
+        while (readByte() != 0) { //NOPMD
             //do nothing - checkstyle & PMD hate this, not surprisingly
         }
         //CHECKSTYLE:ON
@@ -176,4 +192,10 @@ private void ensureOpen() {
             throw new IllegalStateException("Stream is closed");
         }
     }
+    private void ensureAvailable(final int bytesNeeded) {
+        if (buffer.remaining() < bytesNeeded) {
+            throw new BsonSerializationException(format("While decoding a BSON document %d bytes were required, "
+                                                        + "but only %d remain", bytesNeeded, buffer.remaining()));
+        }
+    }
 }
diff --git a/bson/src/test/unit/org/bson/io/ByteBufferBsonInputSpecification.groovy b/bson/src/test/unit/org/bson/io/ByteBufferBsonInputSpecification.groovy
@@ -16,6 +16,7 @@
 
 package org.bson.io
 
+import org.bson.BsonSerializationException
 import org.bson.ByteBufNIO
 import org.bson.types.ObjectId
 import spock.lang.Specification
@@ -254,4 +255,102 @@ class ByteBufferBsonInputSpecification extends Specification {
         thrown(IllegalStateException)
     }
 
-}
+    def 'should throw BsonSerializationException reading a byte if no byte is available'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([] as byte[])))
+
+        when:
+        stream.readByte()
+
+        then:
+        thrown(BsonSerializationException)
+    }
+
+    def 'should throw BsonSerializationException reading an Int32 if less than 4 bytes are available'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([0, 0, 0] as byte[])))
+
+        when:
+        stream.readInt32()
+
+        then:
+        thrown(BsonSerializationException)
+    }
+
+    def 'should throw BsonSerializationException reading an Int64 if less than 8 bytes are available'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([0, 0, 0, 0, 0, 0, 0] as byte[])))
+
+        when:
+        stream.readInt64()
+
+        then:
+        thrown(BsonSerializationException)
+    }
+
+    def 'should throw BsonSerializationException reading a double if less than 8 bytes are available'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([0, 0, 0, 0, 0, 0, 0] as byte[])))
+
+        when:
+        stream.readDouble()
+
+        then:
+        thrown(BsonSerializationException)
+    }
+
+    def 'should throw BsonSerializationException reading an ObjectId if less than 12 bytes are available'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] as byte[])))
+
+        when:
+        stream.readObjectId()
+
+        then:
+        thrown(BsonSerializationException)
+    }
+
+    def 'should throw BsonSerializationException reading into a byte array if not enough bytes are available'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([0, 0, 0, 0, 0, 0, 0] as byte[])))
+
+        when:
+        stream.readBytes(new byte[8])
+
+        then:
+        thrown(BsonSerializationException)
+    }
+
+    def 'should throw BsonSerializationException reading partially into a byte array if not enough bytes are available'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([0, 0, 0, 0] as byte[])))
+
+        when:
+        stream.readBytes(new byte[8], 2, 5)
+
+        then:
+        thrown(BsonSerializationException)
+    }
+
+    def 'should throw BsonSerializationException if the length of a BSON string is not positive'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([-1, -1, -1, -1, 41, 42, 43, 0] as byte[])))
+
+        when:
+        stream.readString()
+
+        then:
+        thrown(BsonSerializationException)
+    }
+
+    def 'should throw BsonSerializationException if a BSON string is not null-terminated'() {
+        given:
+        def stream = new ByteBufferBsonInput(new ByteBufNIO(ByteBuffer.wrap([4, 0, 0, 0, 41, 42, 43, 99] as byte[])))
+
+        when:
+        stream.readString()
+
+        then:
+        thrown(BsonSerializationException)
+    }
+}
diff --git a/driver/src/test/unit/org/bson/BasicBSONDecoderSpecification.groovy b/driver/src/test/unit/org/bson/BasicBSONDecoderSpecification.groovy
@@ -28,7 +28,6 @@ import spock.lang.Specification
 import spock.lang.Subject
 import spock.lang.Unroll
 
-import java.nio.BufferUnderflowException
 import java.util.regex.Pattern
 
 @SuppressWarnings(['LineLength', 'DuplicateMapLiteral', 'UnnecessaryBooleanExpression'])
@@ -159,9 +158,9 @@ class BasicBSONDecoderSpecification extends Specification {
         where:
         exception                  | bytes
         BsonSerializationException | [13, 0, 0, 0, 16, 97, 0, 1, 0, 0, 0, 0]
-        BufferUnderflowException   | [12, 0, 0, 0, 17, 97, 0, 1, 0, 0, 0, 0]
+        BsonSerializationException | [12, 0, 0, 0, 17, 97, 0, 1, 0, 0, 0, 0]
         BsonSerializationException | [12, 0, 2, 0, 16, 97, 0, 1, 0, 0, 0, 0]
         BsonSerializationException | [5, 0, 0, 0, 16, 97, 0, 1, 0, 0, 0, 0]
-        BufferUnderflowException   | [5, 0, 0, 0, 16, 97, 45, 1, 0, 0, 0, 0]
+        BsonSerializationException | [5, 0, 0, 0, 16, 97, 45, 1, 0, 0, 0, 0]
     }
 }
