DataContractJsonSerializer.ReadObject throws ArgumentOutOfRangeException #28659

Closed
Metalnem opened this issue Feb 9, 2019 · 3 comments

Metalnem commented Feb 9, 2019

DataContractJsonSerializer.ReadObject sometimes throws ArgumentOutOfRangeException. Here's the full program that reproduces this:

using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Text;

namespace CoreFX.Fuzz
{
  public class Program
  {
    [DataContract]
    private class Obj
    {
      [DataMember] public DateTime X = DateTime.MinValue;
    }

    public static void Main(string[] args)
    {
      var json = @"{""X"":""\/Date()\/""}";
      var bytes = Encoding.UTF8.GetBytes(json);
      var stream = new MemoryStream(bytes);
      var serializer = new DataContractJsonSerializer(typeof(Obj));

      serializer.ReadObject(stream);
    }
  }
}

The stack trace:

Exception has occurred: CLR/System.ArgumentOutOfRangeException
An unhandled exception of type 'System.ArgumentOutOfRangeException' occurred in System.Private.CoreLib.dll: 'Index was out of range. Must be non-negative and less than the size of the collection.'
   at System.String.IndexOf(Char value, Int32 startIndex, Int32 count)
   at System.Runtime.Serialization.Json.JsonReaderDelegator.ParseJsonDateInDefaultFormat(String originalDateTimeValue)
   at System.Runtime.Serialization.Json.JsonReaderDelegator.ParseJsonDate(String originalDateTimeValue, DateTimeFormat dateTimeFormat)
   at System.Runtime.Serialization.Json.JsonReaderDelegator.ReadElementContentAsDateTime()
   at System.Runtime.Serialization.Json.JsonClassDataContract.ReadJsonValueCore(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)
   at System.Runtime.Serialization.Json.JsonDataContract.ReadJsonValue(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)
   at System.Runtime.Serialization.Json.XmlObjectSerializerReadContextComplexJson.ReadDataContractValue(DataContract dataContract, XmlReaderDelegator reader)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator reader, String name, String ns, DataContract& dataContract)
   at System.Runtime.Serialization.XmlObjectSerializerReadContextComplex.InternalDeserialize(XmlReaderDelegator xmlReader, Type declaredType, DataContract dataContract, String name, String ns)
   at System.Runtime.Serialization.Json.DataContractJsonSerializerImpl.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName)
   at System.Runtime.Serialization.XmlObjectSerializer.InternalReadObject(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.Json.DataContractJsonSerializerImpl.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializerImpl.ReadObject(Stream stream)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)

The environment:

.NET Core SDK (reflecting any global.json):
 Version:   2.2.103
 Commit:    8edbc2570a

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  10.14
 OS Platform: Darwin
 RID:         osx.10.14-x64
 Base Path:   /usr/local/share/dotnet/sdk/2.2.103/

Found via SharpFuzz.

@Lxiamail
Member

@Metalnem Thanks for reporting the issue. What's the real world scenario using @"{""X"":""/Date()/""}" ?

@Metalnem
Author

There is nothing really interesting about that particular input. I was just looking for the discrepancies between the exceptions that ReadObject should throw (SerializationException), and what it actually can throw in practice.

@jiayi11
Member

jiayi11 commented Feb 14, 2019

The ArgumentOutOfRangeException exception is thrown when it tries to parse the empty datetime string. However, we decided not to fix this particular issue.
The "\/Date(...)\/" string is very specifically a .NET format of serializing DateTime to JSON. DataContractSerializer and DataContractJsonSerializer are specifically designed to work when both ends are .NET. So an empty DateTime string like "\/Date()\/" will actually not be generated during serialization which means there is no need to consume the empty datetime string.

@jiayi11 jiayi11 closed this as completed Feb 14, 2019
@msftgits msftgits transferred this issue from dotnet/corefx Feb 1, 2020
@msftgits msftgits added this to the 3.0 milestone Feb 1, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Dec 14, 2020
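
A caller-side way to handle the behaviour discussed in this thread, as an added example that is not part of the original issue or of the .NET code base: `ReadStrict` (a hypothetical helper) rewraps any exception from `ReadObject` that is not a `SerializationException`, so code that deserializes untrusted JSON has a single exception type to catch. The sample inputs other than the one from the issue are constructed.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Text;

[DataContract]
public class Obj
{
  [DataMember] public DateTime X = DateTime.MinValue;
}

public static class ReadObjectBoundary
{
  // Hypothetical helper: deserialize untrusted JSON so that every parse
  // failure reaches the caller as SerializationException.
  public static Obj ReadStrict(string json)
  {
    var serializer = new DataContractJsonSerializer(typeof(Obj));
    using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(json)))
    {
      try
      {
        return (Obj)serializer.ReadObject(stream);
      }
      // The filter lets SerializationException pass through untouched and
      // rewraps everything else (such as the ArgumentOutOfRangeException
      // reported in this issue), keeping the original as InnerException.
      catch (Exception ex) when (!(ex is SerializationException))
      {
        throw new SerializationException("Malformed JSON input", ex);
      }
    }
  }

  public static void Main()
  {
    // Constructed samples: the input from this issue plus two neighbours.
    string[] samples =
    {
      @"{""X"":""\/Date(0)\/""}",
      @"{""X"":""\/Date()\/""}",
      @"{""X"":""\/Date(abc)\/""}",
    };
    foreach (var json in samples)
    {
      try { Console.WriteLine($"{json} -> ok, X = {ReadStrict(json).X:o}"); }
      catch (SerializationException ex)
      {
        var inner = ex.InnerException?.GetType().Name ?? "(none)";
        Console.WriteLine($"{json} -> rejected, inner = {inner}");
      }
    }
  }
}
```

Logging the inner exception type at this boundary also records which inputs reach code paths that throw something other than `SerializationException`.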