Kean Erickson created JOHNZON-216:
-------------------------------------

             Summary: JsonStreamParserImpl.readString throws 
ArrayIndexOutOfBoundsException when dealing with string that contains escape 
characters
                 Key: JOHNZON-216
                 URL: https://issues.apache.org/jira/browse/JOHNZON-216
             Project: Johnzon
          Issue Type: Bug
    Affects Versions: 1.1.12
            Reporter: Kean Erickson


There seems to be a bug within the JsonStreamParserImpl that is allowed in part 
by how it is configured within TomEE. Currently TomEE configures it with a 
maximum string length limit of 8192 bytes by default. It seems that escape 
characters (with backslash) do not properly count towards the total length when 
the string is validated, so it escapes validation. 

To replicate, put the attached file "bad.json" in your user directory and run 
this.


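{code:java}
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import org.apache.johnzon.core.BufferStrategy;
import org.apache.johnzon.core.JsonStreamParserImpl;

// Test method: place inside a test class (@Test comes from the test framework in use).
@Test
public void parseEscapeCharacters() throws IOException {
   // Load the attached reproducer from the current user directory.
   File bad = new File(System.getProperty("user.dir") + "/bad.json");
   byte[] badbytes = Files.readAllBytes(bad.toPath());
   String test = new String(badbytes, StandardCharsets.UTF_8);

   // Same maximum string length that TomEE configures by default.
   int len = 8192;
   BufferStrategy.BufferProvider<char[]> bs = BufferStrategy.QUEUE.newCharProvider(len);
   InputStream stream = new ByteArrayInputStream(test.getBytes(StandardCharsets.UTF_8));
   JsonStreamParserImpl impl = new JsonStreamParserImpl(stream, len, bs, bs, false);

   // Drain every parser event; the exception is thrown while reading the long string.
   while (impl.hasNext()) {
      impl.next();
   }
}
{code}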

Results in 


{code:java}
java.lang.ArrayIndexOutOfBoundsException: 8192

at org.apache.johnzon.core.JsonStreamParserImpl.appendToCopyBuffer(JsonStreamParserImpl.java:158)
at org.apache.johnzon.core.JsonStreamParserImpl.readString(JsonStreamParserImpl.java:592)
at org.apache.johnzon.core.JsonStreamParserImpl.handleQuote(JsonStreamParserImpl.java:695)
at org.apache.johnzon.core.JsonStreamParserImpl.next(JsonStreamParserImpl.java:440)
at org.apache.johnzon.core.JsonStreamParserImpl.next(JsonStreamParserImpl.java:400)
at zzz.parseEscapeCharacters(zzz.java:818)
{code}



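Added example, not part of the original report and not Johnzon's code: a minimal model of the failure mode described above, where characters produced by backslash escapes bypass the length check and overrun a fixed-size copy buffer, next to a variant that checks the bound before every append. The class and method names and the 16-character limit (a stand-in for 8192) are hypothetical, and the input is constructed.

```java
public class EscapeLengthDemo {
    static final int MAX = 16; // small stand-in for the 8192 limit in the report
    // Flawed model (assumed, not Johnzon's logic): the limit is enforced only
    // for plain characters; unescaped characters are appended unchecked.
    static String readFlawed(String body) {
        char[] copy = new char[MAX];
        int len = 0;
        for (int i = 0; i < body.length(); i++) {
            char c = body.charAt(i);
            if (c == '\\') {
                copy[len++] = unescape(body.charAt(++i)); // unchecked append
            } else {
                if (len >= MAX) throw new IllegalStateException("string too long");
                copy[len++] = c;
            }
        }
        return new String(copy, 0, len);
    }

    // Hardened model: every appended character, escaped or not, is counted
    // against the limit before it is written to the buffer.
    static String readChecked(String body) {
        char[] copy = new char[MAX];
        int len = 0;
        for (int i = 0; i < body.length(); i++) {
            char c = body.charAt(i);
            if (c == '\\') {
                if (++i >= body.length()) throw new IllegalArgumentException("dangling backslash");
                c = unescape(body.charAt(i));
            }
            if (len >= MAX) throw new IllegalStateException("string exceeds " + MAX + " chars");
            copy[len++] = c;
        }
        return new String(copy, 0, len);
    }

    static char unescape(char e) {
        switch (e) {
            case 'n': return '\n';
            case '"': case '\\': case '/': return e;
            default: throw new IllegalArgumentException("unsupported escape");
        }
    }

    public static void main(String[] args) {
        String body = "\\n".repeat(MAX + 1); // constructed input: MAX+1 escapes (Java 11+)
        try { readFlawed(body); } catch (ArrayIndexOutOfBoundsException e) { System.out.println("flawed: " + e); }
        try { readChecked(body); } catch (IllegalStateException e) { System.out.println("checked: " + e.getMessage()); }
    }
}
```

The flawed reader fails with an unchecked runtime exception at the buffer boundary, as in the stack trace above, while the checked reader rejects the same input with a controlled error that a caller can handle as a normal parse failure.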