Skip to content

MessageParser.ParseFrom throws unexpected exceptions (C#) #5513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Metalnem opened this issue Dec 27, 2018 · 1 comment
Closed

MessageParser.ParseFrom throws unexpected exceptions (C#) #5513

Metalnem opened this issue Dec 27, 2018 · 1 comment
Assignees
@anandolee
Labels
c#

Comments

@Metalnem
Copy link

MessageParser.ParseFrom should throw InvalidProtocolBufferException when parsing invalid message, but it can also throw several other unexpected exceptions:

  • ArgumentException
  • ArgumentOutOfRangeException
  • InvalidOperationException

The following C# program demonstrates this:

using System;
using Sample;

namespace Google.Protobuf.Run
{
  public class Program
  {
    public static void Main(string[] args)
    {
      try
      {
        var bytes = new byte[]
        {
          34, 255, 255, 255, 255,
          7, 34, 255, 255, 101
        };

        Person.Parser.ParseFrom(bytes);
      }
      catch (ArgumentException) { }

      try
      {
        var bytes = new byte[]
        {
          10, 247, 181, 144, 151, 110, 32, 68,
          111, 101, 16, 210, 9, 26, 16, 106, 100,
          111, 101, 64, 101, 120, 97, 109, 112,
          108, 101, 46, 99, 111, 109, 34, 12, 10,
          8, 53, 53, 53, 45, 52, 51, 50, 49, 16, 1
        };

        Person.Parser.ParseFrom(bytes);
      }
      catch (ArgumentOutOfRangeException) { }

      try
      {
        var bytes = new byte[]
        {
          14, 8, 74, 111, 104, 110, 32, 68, 111,
          101, 16, 210, 9, 26, 16, 106, 100, 111,
          101, 64, 101, 120, 97, 109, 112, 108,
          101, 46, 99, 111, 109, 34, 12, 10, 8, 53,
          53, 53, 45, 52, 51, 50, 59, 16, 1
        };

        Person.Parser.ParseFrom(bytes);
      }
      catch (InvalidOperationException) { }
    }
  }
}

Proto definition of the Person class:

syntax = "proto3";
package sample;

message Person {
  string name = 1;
  int32 id = 2;
  string email = 3;

  enum PhoneType {
    MOBILE = 0;
    HOME = 1;
    WORK = 2;
  }

  message PhoneNumber {
    string number = 1;
    PhoneType type = 2;
  }

  repeated PhoneNumber phones = 4;
}

Generated C# code for the Person class is in the attached archive.
I'm using .NET Core 2.1 and the latest NuGet version of the Google.Protobuf package (version 3.6.1).

Found via SharpFuzz.
@BSBandme BSBandme added the c# label Dec 28, 2018
@anandolee
Copy link
Contributor

Thanks to raise it up. But we do not have enough engineer to fix C# issue. Are you able to create a fixing PR and assign to me?

ObsidianMinor added a commit to ObsidianMinor/protobuf that referenced this issue Jan 16, 2019
@ObsidianMinor
Fix protocolbuffers#5513
28b8653
@ObsidianMinor ObsidianMinor mentioned this issue Jan 16, 2019
Merged
anandolee pushed a commit that referenced this issue Feb 26, 2019
@ObsidianMinor @anandolee
Add some exceptions for MessageParser.ParseFrom (#5588)
a4c3472 
* Fix #5513

* Added tests for invalid lengths when reading strings and bytes.
Added test for reading tags with invalid wire types in unknown field set.
Changed invalid length check in ReadString to match the one in ReadBytes
@JamesNK JamesNK mentioned this issue May 20, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@anandolee anandolee

Labels
c#
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Metalnem @BSBandme @anandolee