[ https://issues.apache.org/jira/browse/JOHNZON-216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Romain Manni-Bucau updated JOHNZON-216:
---------------------------------------
    Fix Version/s: 1.2.9

> JsonStreamParserImpl.readString throws ArrayIndexOutOfBoundsException when dealing with string that contains escape characters
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JOHNZON-216
>                 URL: https://issues.apache.org/jira/browse/JOHNZON-216
>             Project: Johnzon
>          Issue Type: Bug
>    Affects Versions: 1.1.12
>            Reporter: Kean Erickson
>            Assignee: Mark Struberg
>            Priority: Minor
>             Fix For: 1.2.9
>
>         Attachments: bad.json
>
>
> There seems to be a bug within the JsonStreamParserImpl that is allowed in 
> part by how it is configured within TomEE. Currently TomEE configures it with 
> a maximum string length limit of 8192 bytes by default. It seems that escape 
> characters (with backslash) do not properly count towards the total length 
> when the string is validated, so it escapes validation. 
> To replicate, put the attached file "bad.json" in your user directory and run 
> this.
> {code:java}
> @Test
> public void parseEscapeCharacters() throws IOException {
>    File bad = new File(System.getProperty("user.dir") + "/bad.json");
>    byte[] badbytes = Files.readAllBytes(bad.toPath());
>    String test = new String(badbytes, StandardCharsets.UTF_8);
>    int len = 8192;
>    BufferStrategy.BufferProvider<char[]> bs = BufferStrategy.QUEUE.newCharProvider(len);
>    InputStream stream = new ByteArrayInputStream(test.getBytes(StandardCharsets.UTF_8));
>    JsonStreamParserImpl impl = new JsonStreamParserImpl(stream, len, bs, bs, false);
>    while (impl.hasNext())
>       impl.next();
> }
> {code}
> Results in
> {code:java}
> java.lang.ArrayIndexOutOfBoundsException: 8192
> at org.apache.johnzon.core.JsonStreamParserImpl.appendToCopyBuffer(JsonStreamParserImpl.java:158)
> at org.apache.johnzon.core.JsonStreamParserImpl.readString(JsonStreamParserImpl.java:592)
> at org.apache.johnzon.core.JsonStreamParserImpl.handleQuote(JsonStreamParserImpl.java:695)
> at org.apache.johnzon.core.JsonStreamParserImpl.next(JsonStreamParserImpl.java:440)
> at org.apache.johnzon.core.JsonStreamParserImpl.next(JsonStreamParserImpl.java:400)
> at zzz.parseEscapeCharacters(zzz.java:818)
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
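
The failure mode as the report describes it, shown as an added example that is not part of the original message and is not Johnzon's code: a simplified string reader whose length limit is enforced only on the unescaped path, next to one that checks before every append. The class, its methods and the limit of 16 are hypothetical, and the input is constructed.

```java
// Simplified model of a string reader with a fixed-size copy buffer.
// Not Johnzon's code: class, methods and the limit of 16 are hypothetical.
public class EscapeLengthDemo {
    static final int MAX = 16;

    // Flawed: only plain characters are checked against the limit.
    static String readUnchecked(String body) {
        char[] buf = new char[MAX];
        int n = 0;
        for (int i = 0; i < body.length(); i++) {
            char c = body.charAt(i);
            if (c == '\\') {
                buf[n++] = unescape(body, ++i);   // no length check on this path
            } else {
                if (n >= MAX) throw new IllegalStateException("string too long");
                buf[n++] = c;
            }
        }
        return new String(buf, 0, n);
    }

    // Checked: one limit test guards every append, escaped or not.
    static String readChecked(String body) {
        char[] buf = new char[MAX];
        int n = 0;
        for (int i = 0; i < body.length(); i++) {
            char c = body.charAt(i);
            if (c == '\\') c = unescape(body, ++i);
            if (n >= MAX) throw new IllegalStateException("string exceeds " + MAX + " chars");
            buf[n++] = c;
        }
        return new String(buf, 0, n);
    }

    // Decodes the escape at index i; a backslash at end of input is rejected.
    static char unescape(String s, int i) {
        if (i >= s.length()) throw new IllegalArgumentException("dangling backslash");
        switch (s.charAt(i)) {
            case 'n': return '\n';
            case '"': return '"';
            case '\\': return '\\';
            default: throw new IllegalArgumentException("unsupported escape");
        }
    }

    public static void main(String[] args) {
        StringBuilder bad = new StringBuilder();  // constructed input: MAX + 1 escapes
        for (int i = 0; i <= MAX; i++) bad.append("\\n");
        try { readUnchecked(bad.toString()); }
        catch (ArrayIndexOutOfBoundsException e) { System.out.println("unchecked: " + e); }
        try { readChecked(bad.toString()); }
        catch (IllegalStateException e) { System.out.println("checked: " + e.getMessage()); }
    }
}
```

The unchecked reader fails with an unhandled array-index error once the escaped characters alone exceed the buffer, while the checked reader rejects the same input with a controlled length error that a caller can map to a parse failure.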