[jira] [Comment Edited] (JOHNZON-216) JsonStreamParserImpl.readString throws ArrayIndexOutOfBoundsException when dealing with string that contains escape characters

Wed, 01 Dec 2021 12:27:06 -0800 


    [ 
https://issues.apache.org/jira/browse/JOHNZON-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17451596#comment-17451596
 ] 

Kean Erickson edited comment on JOHNZON-216 at 12/1/21, 8:26 PM:
-----------------------------------------------------------------

I have not had a chance to get around to the messaging changes, however with 
Romain's changes in Johnzon 1.2.14 or earlier, the issue with escape characters 
does seem to be fixed.  Here's an updated test that's passing. Thanks Romain!

https://apache.googlesource.com/johnzon/+/62ed6949eb3e2053c6ea6720ef0125004f20b89a
{code:java}
     @Test
    void parseEscapeCharacters() throws IOException {
        File bad = new File(System.getProperty("user.dir")+"/bad.json");
        byte[] badbytes = Files.readAllBytes(bad.toPath());
        String test =  new String(badbytes, StandardCharsets.UTF_8);        
        int len = badbytes.length;
        BufferStrategy bs = BufferStrategyFactory.valueOf("QUEUE");
        try (InputStream stream = new 
ByteArrayInputStream(test.getBytes(StandardCharsets.UTF_8))) {
            BufferStrategy.BufferProvider<char[]> bp = bs.newCharProvider(len);
            JsonStreamParserImpl impl = new JsonStreamParserImpl(stream, len, 
bp, bp, false);
            while (impl.hasNext())
                impl.next();
        }
    }{code}


was (Author: kerickson):
I have not had a change to get around to the messaging changes, however with 
Romain's changes in Johnzon 1.2.14 or earlier, the issue with escape characters 
does seem to be fixed.  Here's an updated test that's passing. Thanks Romain!


{code:java}
     @Test
    void parseEscapeCharacters() throws IOException {
        File bad = new File(System.getProperty("user.dir")+"/bad.json");
        byte[] badbytes = Files.readAllBytes(bad.toPath());
        String test =  new String(badbytes, StandardCharsets.UTF_8);        
        int len = badbytes.length;
        BufferStrategy bs = BufferStrategyFactory.valueOf("QUEUE");
        try (InputStream stream = new 
ByteArrayInputStream(test.getBytes(StandardCharsets.UTF_8))) {
            BufferStrategy.BufferProvider<char[]> bp = bs.newCharProvider(len);
            JsonStreamParserImpl impl = new JsonStreamParserImpl(stream, len, 
bp, bp, false);
            while (impl.hasNext())
                impl.next();
        }
    }{code}

> JsonStreamParserImpl.readString throws ArrayIndexOutOfBoundsException when 
> dealing with string that contains escape characters
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JOHNZON-216
>                 URL: https://issues.apache.org/jira/browse/JOHNZON-216
>             Project: Johnzon
>          Issue Type: Bug
>    Affects Versions: 1.1.12
>            Reporter: Kean Erickson
>            Assignee: Mark Struberg
>            Priority: Minor
>             Fix For: 1.2.16
>
>         Attachments: bad.json
>
>
> There seems to be a bug within the JsonStreamParserImpl that is allowed in 
> part by how it is configured within TomEE. Currently TomEE configures it with 
> a maximum string length limit of 8192 bytes by default. It seems that escape 
> characters (with backslash) do not properly count towards the total length 
> when the string is validated, so it escapes validation. 
> To replicate, put the attached file "bad.json" in your user directory and run 
> this.
> {code:java}
> @Test
> public void parseEscapeCharacters() throws IOException  {
>    File bad = new File(System.getProperty("user.dir")+"/bad.json");
>    byte[] badbytes = Files.readAllBytes(bad.toPath());
>    String test =  new String(badbytes, StandardCharsets.UTF_8);
>    int len = 8192;
>    BufferStrategy.BufferProvider<char[]> bs = 
> BufferStrategy.QUEUE.newCharProvider(len);
>    InputStream stream = new 
> ByteArrayInputStream(test.getBytes(StandardCharsets.UTF_8));
>    JsonStreamParserImpl impl = new JsonStreamParserImpl(stream, len, bs, bs, 
> false);
>    while (impl.hasNext())
>       impl.next();
> }
> {code}
> Results in 
> {code:java}
> java.lang.ArrayIndexOutOfBoundsException: 8192
> at 
> org.apache.johnzon.core.JsonStreamParserImpl.appendToCopyBuffer(JsonStreamParserImpl.java:158)
> at 
> org.apache.johnzon.core.JsonStreamParserImpl.readString(JsonStreamParserImpl.java:592)
> at 
> org.apache.johnzon.core.JsonStreamParserImpl.handleQuote(JsonStreamParserImpl.java:695)
> at 
> org.apache.johnzon.core.JsonStreamParserImpl.next(JsonStreamParserImpl.java:440)
> at 
> org.apache.johnzon.core.JsonStreamParserImpl.next(JsonStreamParserImpl.java:400)
> at zzz.parseEscapeCharacters(zzz.java:818){code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to