Description

Given the following BJData input

00000000: 5b24 4d23 5b49 0020 4d00 0000 0000 0020  [$M#[I. M...... 
00000010: ff5d                                     .]

the library can successfully parse it to

{
    "_ArrayData_": [],
    "_ArraySize_": [
        8192,
        -63050394783186944
    ],
    "_ArrayType_": "uint64"
}

However, when then serializing this JSON as BJData, the following exception is raised:

[json.exception.parse_error.113] parse error at byte 17: syntax error while parsing BJData size: count in an optimized container must be positive

The error was found by OSS-Fuzz, and is unrelated to the latest fixes.

• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47523&q=label%3AProj-json
• https://oss-fuzz.com/testcase-detail/5159110460440576

Reproduction steps

int main() {
    auto vec = readFile("clusterfuzz-testcase-minimized-parse_bjdata_fuzzer-5159110460440576.bjdata");

    auto j = json::from_bjdata(vec);
    std::vector<uint8_t> vec2 = json::to_bjdata(j, false, false);

    json::from_bjdata(vec2);
}

Expected vs. actual results

• Expected: Either reject the original input or (also) accept the created byte vector.
• Actual: Accepting the input, but rejecting the byte vector.

I would also be fine with adding a note to https://json.nlohmann.me/features/binary_formats/bjdata/, but then we also need to adjust https://github.com/nlohmann/json/blob/develop/tests/src/fuzzer-parse_bjdata.cpp#L65

Minimal code example

See above.

Error messages

[json.exception.parse_error.113] parse error at byte 17: syntax error while parsing BJData size: count in an optimized container must be positive

Compiler and operating system

OSS-Fuzz

Library version

develop

Validation

• The bug also occurs if the latest version from the develop branch is used.
• I can successfully compile and run the unit tests.