Kean Erickson created JOHNZON-216: ------------------------------------- Summary: JsonStreamParserImpl.readString throws ArrayIndexOutOfBoundsException when dealing with string that contains escape characters Key: JOHNZON-216 URL: https://issues.apache.org/jira/browse/JOHNZON-216 Project: Johnzon Issue Type: Bug Affects Versions: 1.1.12 Reporter: Kean Erickson
There seems to be a bug within the JsonStreamParserImpl that is allowed in part by how it is configured within TomEE. Currently TomEE configures it with a maximum string length limit of 8192 bytes by default. It seems that escape characters (with backslash) do not properly count towards the total length when the string is validated, so it escapes validation. To replicate, put the attached file "bad.json" in your user directory and run this. {code:java} @Test public void parseEscapeCharacters() throws IOException { File bad = new File(System.getProperty("user.dir")+"/bad.json"); byte[] badbytes = Files.readAllBytes(bad.toPath()); String test = new String(badbytes, StandardCharsets.UTF_8); int len = 8192; BufferStrategy.BufferProvider<char[]> bs = BufferStrategy.QUEUE.newCharProvider(len); InputStream stream = new ByteArrayInputStream(test.getBytes(StandardCharsets.UTF_8)); JsonStreamParserImpl impl = new JsonStreamParserImpl(stream, len, bs, bs, false); while (impl.hasNext()) impl.next(); } {code} Results in {code:java} java.lang.ArrayIndexOutOfBoundsException: 8192 at org.apache.johnzon.core.JsonStreamParserImpl.appendToCopyBuffer(JsonStreamParserImpl.java:158) at org.apache.johnzon.core.JsonStreamParserImpl.readString(JsonStreamParserImpl.java:592) at org.apache.johnzon.core.JsonStreamParserImpl.handleQuote(JsonStreamParserImpl.java:695) at org.apache.johnzon.core.JsonStreamParserImpl.next(JsonStreamParserImpl.java:440) at org.apache.johnzon.core.JsonStreamParserImpl.next(JsonStreamParserImpl.java:400) at zzz.parseEscapeCharacters(zzz.java:818){code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)