Fix bounds check when non-exact bytebuffer is passed

adwsingh · rhernandez35 · commit f7223204aec3 · 2025-07-16T23:10:07.000-05:00
diff --git a/codecs/cbor-codec/src/main/java/software/amazon/smithy/java/cbor/CborDeserializer.java b/codecs/cbor-codec/src/main/java/software/amazon/smithy/java/cbor/CborDeserializer.java
@@ -108,10 +108,11 @@ private Schema getMemberIfSame(Object o, byte[] bytes, int off, int len) {
         if (byteBuffer.hasArray()) {
             byte[] payload = byteBuffer.array();
             this.payload = payload;
+            int start = byteBuffer.arrayOffset() + byteBuffer.position();
             this.parser = new CborParser(
                     payload,
-                    byteBuffer.arrayOffset() + byteBuffer.position(),
-                    byteBuffer.remaining());
+                    start,
+                    start + byteBuffer.remaining());
         } else {
             int pos = byteBuffer.position();
             this.payload = new byte[byteBuffer.remaining()];
diff --git a/codecs/cbor-codec/src/main/java/software/amazon/smithy/java/cbor/CborParser.java b/codecs/cbor-codec/src/main/java/software/amazon/smithy/java/cbor/CborParser.java
@@ -149,7 +149,7 @@ public static int itemLength(int itemLength) {
     }
 
     private final byte[] buffer;
-    private final int len;
+    private final int end;
     private int idx;
     private byte token;
 
@@ -168,10 +168,10 @@ public CborParser(byte[] buffer) {
         this(buffer, 0, buffer.length);
     }
 
-    public CborParser(byte[] buffer, int off, int len) {
+    public CborParser(byte[] buffer, int off, int end) {
         this.buffer = buffer;
         this.idx = off;
-        this.len = len;
+        this.end = end;
     }
 
     /**
@@ -229,15 +229,15 @@ private byte nextToken0() {
             } else if ((state & 3) == 0) {
                 // mask is 0b11: low bit is collection type (map == 0), high bit is 0 if the count is even
                 int i = (idx += itemLength(itemLength) + overhead);
-                if (i >= len) {
+                if (i >= end) {
                     throwIncompleteCollectionException();
                 }
                 return dispatchKey(buffer[i]);
             }
         }
 
         int i = (idx += itemLength(itemLength) + overhead);
-        if (i >= len) {
+        if (i >= end) {
             return endOfBuffer(i);
         }
 
@@ -260,7 +260,7 @@ private byte dispatchKey(byte b) {
     private byte endOfBuffer(int i) {
         itemLength = 0;
         overhead = 0;
-        if (i > len) {
+        if (i > end) {
             throw new BadCborException("unexpected end of payload");
         }
         if (inCollection) {
@@ -506,7 +506,7 @@ private void readIndefiniteLength(byte type) {
         itemLength = 0;
         int scan = ++idx;
         while (true) {
-            if (scan >= len)
+            if (scan >= end)
                 throw new BadCborException("non-terminating string");
             byte b = buffer[scan];
             if (b == SIMPLE_STREAM_BREAK) {
