From de4b1da2ce4942c5c1fdc5ba04e244782e68ece1 Mon Sep 17 00:00:00 2001
From: Tyler Gregg <greggt@amazon.com>
Date: Fri, 26 Jan 2024 18:57:34 -0800
Subject: [PATCH 1/2] Update IonFuzz_473_66131_AIOOBE_Test to provoke an
 ArrayIndexOutOfBoundsException

---
 .../ion/failing/IonFuzz_473_66131_AIOOBE_Test.java   | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/failing/IonFuzz_473_66131_AIOOBE_Test.java b/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/failing/IonFuzz_473_66131_AIOOBE_Test.java
index 41609841e..dd894e86e 100644
--- a/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/failing/IonFuzz_473_66131_AIOOBE_Test.java
+++ b/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/failing/IonFuzz_473_66131_AIOOBE_Test.java
@@ -10,6 +10,8 @@
 import com.fasterxml.jackson.dataformat.ion.*;
 import com.fasterxml.jackson.dataformat.ion.fuzz.IonFuzzTestUtil;
 
+import java.util.Arrays;
+
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
@@ -24,12 +26,14 @@ public class IonFuzz_473_66131_AIOOBE_Test
     @Test
     public void testFuzz66077_ArrayIndexOOBE() throws Exception {
         final byte[] doc = IonFuzzTestUtil.readResource("/data/fuzz-66131.ion");
-        try (JsonParser p = ION_MAPPER.createParser(doc)) {
-            assertEquals(JsonToken.VALUE_STRING, p.nextToken());
-            assertNull(p.nextToken());
+        // The binary Ion data begins at index 32. Cutting off the data at index 44 should not cause an
+        // ArrayIndexOutOfBoundsException during parsing.
+        byte[] slice = Arrays.copyOfRange(doc, 32, 44);
+        try (JsonParser p = ION_MAPPER.createParser(slice)) {
+            assertEquals(JsonToken.START_OBJECT, p.nextToken());
+            p.nextTextValue();
             fail("Should not pass (invalid content)");
         } catch (StreamReadException e) {
-            // May or may not be the exception message to get, change as appropriate
             assertThat(e.getMessage(), Matchers.containsString("Corrupt content to decode"));
         }
     }

From 81512ae6a5421b988883409fae8863793a15d9f4 Mon Sep 17 00:00:00 2001
From: Tatu Saloranta <tatu.saloranta@iki.fi>
Date: Fri, 26 Jan 2024 21:47:57 -0800
Subject: [PATCH 2/2] Use the minimal reproduction

---
 .../ion/failing/IonFuzz_473_66131_AIOOBE_Test.java |  11 ++---------
 ion/src/test/resources/data/fuzz-66131.ion         | Bin 50 -> 0 bytes
 2 files changed, 2 insertions(+), 9 deletions(-)
 delete mode 100644 ion/src/test/resources/data/fuzz-66131.ion

diff --git a/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/failing/IonFuzz_473_66131_AIOOBE_Test.java b/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/failing/IonFuzz_473_66131_AIOOBE_Test.java
index dd894e86e..e721bdc02 100644
--- a/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/failing/IonFuzz_473_66131_AIOOBE_Test.java
+++ b/ion/src/test/java/com/fasterxml/jackson/dataformat/ion/failing/IonFuzz_473_66131_AIOOBE_Test.java
@@ -8,13 +8,9 @@
 import com.fasterxml.jackson.core.exc.StreamReadException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.ion.*;
-import com.fasterxml.jackson.dataformat.ion.fuzz.IonFuzzTestUtil;
-
-import java.util.Arrays;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
 //[dataformats-binary#473]: ArrayIndexOutOfBoundsException
@@ -25,11 +21,8 @@ public class IonFuzz_473_66131_AIOOBE_Test
 
     @Test
     public void testFuzz66077_ArrayIndexOOBE() throws Exception {
-        final byte[] doc = IonFuzzTestUtil.readResource("/data/fuzz-66131.ion");
-        // The binary Ion data begins at index 32. Cutting off the data at index 44 should not cause an
-        // ArrayIndexOutOfBoundsException during parsing.
-        byte[] slice = Arrays.copyOfRange(doc, 32, 44);
-        try (JsonParser p = ION_MAPPER.createParser(slice)) {
+        final byte[] doc = { (byte) 0xe0, 0x01, 0x00, (byte) 0xea, (byte) 0xdc, (byte) 0x9a };
+        try (JsonParser p = ION_MAPPER.createParser(doc)) {
             assertEquals(JsonToken.START_OBJECT, p.nextToken());
             p.nextTextValue();
             fail("Should not pass (invalid content)");
diff --git a/ion/src/test/resources/data/fuzz-66131.ion b/ion/src/test/resources/data/fuzz-66131.ion
deleted file mode 100644
index 70e1aee05ad730d05b30b3479bf3c043dabff427..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 50
ycmd1HV`gB8iE)i}Rfz?IJcekGyu7@3hB|o+F;=k;7#UtMfWe(vObiSUO0ofVwGP?<