(backport from 2.21) Fix #649 (#650)

cowtowncoder · cowtowncoder · commit 916377df614c · 2026-02-19T11:26:40.000-08:00
diff --git a/cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORFactory.java b/cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORFactory.java
@@ -424,6 +424,8 @@ protected JsonParser _createParser(char[] data, int offset, int len, IOContext c
     @Override
     protected CBORParser _createParser(byte[] data, int offset, int len, IOContext ctxt) throws IOException
     {
+        // [core#1548] Validate doc length up front for fixed buffers
+        _streamReadConstraints.validateDocumentLength(len);
         return new CBORParserBootstrapper(ctxt, data, offset, len).constructParser(
                 _factoryFeatures, _parserFeatures, _formatParserFeatures,
                 _objectCodec, _byteSymbolCanonicalizer);
diff --git a/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/gen/constraints/LongDocumentCBORReadTest.java b/cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/gen/constraints/LongDocumentCBORReadTest.java
@@ -9,15 +9,15 @@
 import com.fasterxml.jackson.core.StreamReadConstraints;
 import com.fasterxml.jackson.core.exc.StreamConstraintsException;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
 import com.fasterxml.jackson.dataformat.cbor.CBORTestBase;
+import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper;
 
 public class LongDocumentCBORReadTest extends CBORTestBase
 {
-    private final ObjectMapper MAPPER_VANILLA = cborMapper();
+    private final CBORMapper MAPPER_VANILLA = cborMapper();
 
-    private final ObjectMapper MAPPER_CONSTRAINED = cborMapper(
+    private final CBORMapper MAPPER_CONSTRAINED = cborMapper(
             CBORFactory.builder()
             // limit to 100kB doc reads
                 .streamReadConstraints(StreamReadConstraints.builder()
@@ -29,13 +29,20 @@ public void testLongDocumentConstraint() throws Exception
     {
         // Need a bit longer than minimum since checking is approximate, not exact
         byte[] doc = createBigDoc(60_000);
-        // Must read from `InputStream` as validation is during "loadMore()":
-        try (JsonParser p = MAPPER_CONSTRAINED.createParser(new ByteArrayInputStream(doc))) {
+        _testLongDocumentConstraint(doc, true);
+        // [dataformats-binary#649] fixed buffer too
+        _testLongDocumentConstraint(doc, false);
+    }
+
+    private void _testLongDocumentConstraint(byte[] doc, boolean stream) throws Exception
+    {
+        try (JsonParser p = stream
+                ? MAPPER_CONSTRAINED.createParser(new ByteArrayInputStream(doc))
+                : MAPPER_CONSTRAINED.createParser(doc, 0, doc.length)) {
             while (p.nextToken() != null) { }
             fail("expected StreamConstraintsException");
         } catch (StreamConstraintsException e) {
             final String msg = e.getMessage();
-
             assertTrue(msg.contains("Document length ("));
             assertTrue(msg.contains("exceeds the maximum allowed (50000"));
         }
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -14,6 +14,11 @@ Active maintainers:
 === Releases ===
 ------------------------------------------------------------------------
 
+2.18.6 (not yet released)
+
+#649: (cbor, smile) `StreamReadConstraints.maxDocumentLength` not checked
+  when creating parser with fixed buffer
+
 2.18.5 (27-Oct-2025)
 
 #599: (cbor) Unable to deserialize stringref-enabled CBOR with ignored properties
diff --git a/smile/src/main/java/com/fasterxml/jackson/dataformat/smile/SmileFactory.java b/smile/src/main/java/com/fasterxml/jackson/dataformat/smile/SmileFactory.java
@@ -457,6 +457,8 @@ protected JsonParser _createParser(char[] data, int offset, int len, IOContext c
     @Override
     protected SmileParser _createParser(byte[] data, int offset, int len, IOContext ctxt) throws IOException
     {
+        // [core#1548] Validate doc length up front for fixed buffers
+        _streamReadConstraints.validateDocumentLength(len);
         return new SmileParserBootstrapper(ctxt, data, offset, len).constructParser(
                 _factoryFeatures, _parserFeatures, _smileParserFeatures,
                 _objectCodec, _byteSymbolCanonicalizer);
diff --git a/smile/src/test/java/com/fasterxml/jackson/dataformat/smile/constraints/LongDocumentSmileReadTest.java b/smile/src/test/java/com/fasterxml/jackson/dataformat/smile/constraints/LongDocumentSmileReadTest.java
@@ -9,16 +9,15 @@
 import com.fasterxml.jackson.core.StreamReadConstraints;
 import com.fasterxml.jackson.core.exc.StreamConstraintsException;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.smile.BaseTestForSmile;
 import com.fasterxml.jackson.dataformat.smile.SmileFactory;
 import com.fasterxml.jackson.dataformat.smile.databind.SmileMapper;
-import com.fasterxml.jackson.dataformat.smile.BaseTestForSmile;
 
 public class LongDocumentSmileReadTest extends BaseTestForSmile
 {
-    private final ObjectMapper MAPPER_VANILLA = new SmileMapper();
+    private final SmileMapper MAPPER_VANILLA = new SmileMapper();
 
-    private final ObjectMapper MAPPER_CONSTRAINED = new SmileMapper(
+    private final SmileMapper MAPPER_CONSTRAINED = new SmileMapper(
             SmileFactory.builder()
             // limit to 100kB doc reads
                 .streamReadConstraints(StreamReadConstraints.builder()
@@ -30,13 +29,20 @@ public void testLongDocumentConstraint() throws Exception
     {
         // Need a bit longer than minimum since checking is approximate, not exact
         byte[] doc = createBigDoc(60_000);
-        // Must read from `InputStream` as validation is during "loadMore()":
-        try (JsonParser p = MAPPER_CONSTRAINED.createParser(new ByteArrayInputStream(doc))) {
+        _testLongDocumentConstraint(doc, true);
+        // [dataformats-binary#649] fixed buffer too
+        _testLongDocumentConstraint(doc, false);
+    }
+
+    private void _testLongDocumentConstraint(byte[] doc, boolean stream) throws Exception
+    {
+        try (JsonParser p = stream
+                ? MAPPER_CONSTRAINED.createParser(new ByteArrayInputStream(doc))
+                : MAPPER_CONSTRAINED.createParser(doc, 0, doc.length)) {
             while (p.nextToken() != null) { }
             fail("expected StreamConstraintsException");
         } catch (StreamConstraintsException e) {
             final String msg = e.getMessage();
-
             assertTrue(msg.contains("Document length ("));
             assertTrue(msg.contains("exceeds the maximum allowed (50000"));
         }

Original file line number	Diff line number	Diff line change
`@@ -424,6 +424,8 @@ protected JsonParser _createParser(char[] data, int offset, int len, IOContext c`
`424`	`424`	`@Override`
`425`	`425`	`protected CBORParser _createParser(byte[] data, int offset, int len, IOContext ctxt) throws IOException`
`426`	`426`	`{`
	`427`	`+ // [core#1548] Validate doc length up front for fixed buffers`
	`428`	`+ _streamReadConstraints.validateDocumentLength(len);`
`427`	`429`	`return new CBORParserBootstrapper(ctxt, data, offset, len).constructParser(`
`428`	`430`	`_factoryFeatures, _parserFeatures, _formatParserFeatures,`
`429`	`431`	`_objectCodec, _byteSymbolCanonicalizer);`
Original file line number	Diff line number	Diff line change
`@@ -457,6 +457,8 @@ protected JsonParser _createParser(char[] data, int offset, int len, IOContext c`
`457`	`457`	`@Override`
`458`	`458`	`protected SmileParser _createParser(byte[] data, int offset, int len, IOContext ctxt) throws IOException`
`459`	`459`	`{`
	`460`	`+ // [core#1548] Validate doc length up front for fixed buffers`
	`461`	`+ _streamReadConstraints.validateDocumentLength(len);`
`460`	`462`	`return new SmileParserBootstrapper(ctxt, data, offset, len).constructParser(`
`461`	`463`	`_factoryFeatures, _parserFeatures, _smileParserFeatures,`
`462`	`464`	`_objectCodec, _byteSymbolCanonicalizer);`