[ https://issues.apache.org/jira/browse/CXF-7496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16153551#comment-16153551 ]

Alon Bar-Lev commented on CXF-7496:
-----------------------------------

Thanks for the prompt action.

I wonder, what do you recommend? We are failing JWT validations because of 
this bug... What can we do in the meantime? This issue is severe enough for 
us to consider switching to a different library.

Thanks!

> Parsing Bug in org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter: 
> in-string "{"
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-7496
>                 URL: https://issues.apache.org/jira/browse/CXF-7496
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.1.7, 3.1.12
>         Environment: java version "1.8.0_25"
> Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
> Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
>            Reporter: Alon Bar-Lev
>
> Hello,
> We have found incorrect parsing of "{" within JSON strings. It seems like the 
> parser searches for "{" and "}" regardless of string boundary.
> A reproduction program is attached, using latest 3.1.12 version.
> Thanks!
> h2. REPRODUCTION
> {code}
> import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
> public class JsonMapReaderNotWorking {
>       
>       public static void main(String args[]) throws Exception
>       {
>               JsonMapObjectReaderWriter jsonMapObjectReaderWriter = new JsonMapObjectReaderWriter();
>               String s = "{\"x\":{\"y\":\"{\"}}";
>               System.out.println(s);
>               jsonMapObjectReaderWriter.fromJson(s);
>       }
> }
> {code}
> h2. RESULT
> {code}
>       {"x":{"y":"{"}}
>       Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: -6
>               at java.lang.String.substring(String.java:1967)
>               at org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter.readJsonObjectAsSettable(JsonMapObjectReaderWriter.java:189)
>               at org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter.fromJson(JsonMapObjectReaderWriter.java:162)
>               at JsonMapReaderNotWorking.main(JsonMapReaderNotWorking.java:13)
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
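
The failure class the report describes (matching "{" and "}" without regard to string boundaries), as an added example that is not part of the original message and is not CXF's code. The class and method names are hypothetical; the first sample is the report's input and the other two are constructed.

```java
// Added illustration; BraceMatchDemo and its methods are hypothetical names, not CXF code.
public class BraceMatchDemo {

    // Naive scan: counts every '{' and '}' from `open`, including those inside strings.
    // Returns the index of the balancing '}' or -1 if none is found.
    static int naiveClose(String json, int open) {
        int depth = 0;
        for (int i = open; i < json.length(); i++) {
            char c = json.charAt(i);
            if (c == '{') depth++;
            else if (c == '}' && --depth == 0) return i;
        }
        return -1;
    }

    // String-aware scan: braces inside "..." are ignored and backslash escapes are honoured.
    static int stringAwareClose(String json, int open) {
        int depth = 0;
        boolean inString = false;
        for (int i = open; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                if (c == '\\') i++;                  // skip the escaped character
                else if (c == '"') inString = false; // closing quote
            } else if (c == '"') {
                inString = true;
            } else if (c == '{') {
                depth++;
            } else if (c == '}' && --depth == 0) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        String[] samples = {
            "{\"x\":{\"y\":\"{\"}}",    // input from the report: '{' inside a string
            "{\"k\":\"a\\\"}b\"}",      // constructed: escaped quote, then '}' inside a string
            "{\"a\":{\"b\":1}}"         // constructed: no braces inside strings
        };
        for (String j : samples) {
            System.out.println(j + "  naive=" + naiveClose(j, 0)
                + "  aware=" + stringAwareClose(j, 0)
                + "  lastIndex=" + (j.length() - 1));
        }
    }
}
```

A well-formed object should report its last index as the closing brace; any sample where the naive result differs from that is one where offsets fed to `substring` would be wrong.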