Possible NumberFormatException thrown from JSONTokener #96

Open
arthurscchan opened this issue Jul 11, 2024 · 0 comments

Description of the bug.

In the JSONTokener::nextString() method, there are two lines of code (lines 258 and 261) that try to interpret Unicode characters which are represented with a 2-digit or 4-digit integer. The code is missing a test of whether the value of \u or \x is a valid integer to parse. If an invalid string is passed in, the code will throw an unexpected NumberFormatException.

Proof of Concept code that triggers the bug.

```java
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONTokener;

public class ProofOfConcept {
  public static void main(String...args) throws Exception {
    new JSONArray(new JSONTokener("[\"\\xgg\"]"));
  }
}
```

Just compiling and running the proof of concept code can trigger the bug.

Suggested fix.
Add a check of the possible values before passing them to the `Integer::parseInt(String)` method, or catch the possible NumberFormatException and throw a unified JSONException via the syntaxError(String) method to avoid confusing the user.
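
One way to implement the first suggested fix, shown as an added example that is not part of the original issue and is not Jettison's code: each hex digit of a `\x` or `\u` escape is validated before any conversion, and every malformed escape surfaces as one checked parse exception. The names `HexEscapeExample`, `hexValue` and `unescape` are hypothetical, and `java.text.ParseException` stands in for the library's `JSONException` so the block compiles without Jettison.

```java
import java.text.ParseException;

public class HexEscapeExample {

    // Value of one ASCII hex digit, or -1. Checking digits directly also rejects
    // signed input such as "-1" or "+f", which Integer.parseInt(s, 16) accepts.
    static int hexValue(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }

    // Decodes \xHH and \uHHHH escapes in the body of a string literal.
    // A malformed escape is always a ParseException, never a NumberFormatException.
    static String unescape(String body) throws ParseException {
        StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < body.length()) {
            char c = body.charAt(i++);
            if (c != '\\') { out.append(c); continue; }
            if (i >= body.length()) throw new ParseException("Dangling backslash", i - 1);
            char kind = body.charAt(i++);
            int width = kind == 'x' ? 2 : kind == 'u' ? 4 : 0;
            if (width == 0) { out.append(kind); continue; } // other escapes: simplified here
            if (i + width > body.length())
                throw new ParseException("Truncated \\" + kind + " escape", i);
            int value = 0;
            for (int end = i + width; i < end; i++) {
                int d = hexValue(body.charAt(i));
                if (d < 0) throw new ParseException("Invalid hex digit in \\" + kind + " escape", i);
                value = value * 16 + d;
            }
            out.append((char) value);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs; the second is the escape used in the proof of concept.
        String[] samples = { "\\x41\\u0042", "\\xgg", "\\u12", "\\x-1" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + unescape(s));
            } catch (ParseException e) {
                System.out.println(s + " -> rejected at offset " + e.getErrorOffset() + ": " + e.getMessage());
            }
        }
    }
}
```

Callers that parse untrusted JSON then need a single catch clause for bad input, and an unchecked exception cannot escape the parser and abort a request handler.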
