-
-
Notifications
You must be signed in to change notification settings - Fork 796
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix infinite loop due to integer overflow when reading large strings (#…
- Loading branch information
Showing
6 changed files
with
102 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
src/main/java/com/fasterxml/jackson/core/util/InternalJacksonUtil.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
package com.fasterxml.jackson.core.util; | ||
|
||
/** | ||
* Internal Use Only. Helper class used to contain some useful utility methods. | ||
* | ||
* @since 2.17.3 / 2.18.1 | ||
*/ | ||
public abstract class InternalJacksonUtil { | ||
/** | ||
* Internal Use Only. | ||
* <p> | ||
* Method that will add two non-negative integers, and if result overflows, return | ||
* {@link Integer#MAX_VALUE}. For performance reasons, does NOT check for | ||
* the result being less than {@link Integer#MIN_VALUE}, nor whether arguments | ||
* are actually non-negative. | ||
* This is usually used to implement overflow-safe bounds checking. | ||
*/ | ||
public static int addOverflowSafe(final int base, final int length) { | ||
int result = base + length; | ||
if (result < 0) { | ||
return Integer.MAX_VALUE; | ||
} | ||
return result; | ||
} | ||
} |
55 changes: 55 additions & 0 deletions
55
src/test/java/com/fasterxml/jackson/core/read/TestReadHumongousString.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
package com.fasterxml.jackson.core.read; | ||
|
||
import org.junit.jupiter.api.Disabled; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.Timeout; | ||
|
||
import com.fasterxml.jackson.core.JUnit5TestBase; | ||
import com.fasterxml.jackson.core.JsonFactory; | ||
import com.fasterxml.jackson.core.JsonParser; | ||
import com.fasterxml.jackson.core.JsonToken; | ||
import com.fasterxml.jackson.core.StreamReadConstraints; | ||
|
||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
import static org.junit.jupiter.api.Assertions.assertNull; | ||
|
||
import java.util.Arrays; | ||
import java.util.concurrent.TimeUnit; | ||
|
||
// https://github.com/FasterXML/jackson-core/pull/1352 | ||
class TestReadHumongousString extends JUnit5TestBase | ||
{ | ||
// disabled because it takes too much memory to run | ||
@Disabled | ||
// Since we might get infinite loop: | ||
@Timeout(value = 10, unit = TimeUnit.SECONDS, threadMode = Timeout.ThreadMode.SEPARATE_THREAD) | ||
@Test | ||
void testLargeStringDeserialization() throws Exception { | ||
final int len = Integer.MAX_VALUE - 1024; | ||
final byte[] largeByteString = makeLongByteString(len); | ||
final JsonFactory f = JsonFactory.builder() | ||
.streamReadConstraints(StreamReadConstraints.builder() | ||
.maxStringLength(Integer.MAX_VALUE) | ||
.build()) | ||
.build(); | ||
|
||
try (JsonParser parser = f.createParser(largeByteString)) { | ||
assertToken(JsonToken.VALUE_STRING, parser.nextToken()); | ||
// Let's not construct String but just check that length is | ||
// expected: this avoids having to allocate 4 gig more of heap | ||
// for test -- should still trigger problem if fix not valid | ||
assertEquals(len, parser.getTextLength()); | ||
// TODO: could use streaming accessor (`JsonParser.getText(Writer)`) | ||
assertNull(parser.nextToken()); | ||
} | ||
|
||
} | ||
|
||
private byte[] makeLongByteString(int length) { | ||
final byte[] result = new byte[length + 2]; | ||
Arrays.fill(result, (byte) 'a'); | ||
result[0] = '\"'; | ||
result[length + 1] = '\"'; | ||
return result; | ||
} | ||
} |