Merge branch '2.9' into 2.10

cowtowncoder · cowtowncoder · commit 65e6540c6240 · 2018-10-20T14:23:24.000-07:00
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -22,7 +22,7 @@ JSON library.
 #484: Implement `UTF8JsonGenerator.writeRawValue(SerializableString)` (and
   `writeRaw(..)`) more efficiently
 
-2.9.7 (not yet released)
+2.9.7 (19-Sep-2018)
 
 #476: Problem with `BufferRecycler` via async parser (or when sharing parser
  across threads)
diff --git a/src/main/java/com/fasterxml/jackson/core/base/ParserBase.java b/src/main/java/com/fasterxml/jackson/core/base/ParserBase.java
@@ -827,7 +827,7 @@ private void _parseSlowFloat(int expType) throws IOException
             _wrapError("Malformed numeric value '"+_textBuffer.contentsAsString()+"'", nex);
         }
     }
-    
+
     private void _parseSlowInt(int expType) throws IOException
     {
         String numStr = _textBuffer.contentsAsString();
@@ -844,16 +844,42 @@ private void _parseSlowInt(int expType) throws IOException
                 _numberLong = Long.parseLong(numStr);
                 _numTypesValid = NR_LONG;
             } else {
-                // nope, need the heavy guns... (rare case)
-                _numberBigInt = new BigInteger(numStr);
-                _numTypesValid = NR_BIGINT;
+                // 16-Oct-2018, tatu: Need to catch "too big" early due to [jackson-core#488]
+                if ((expType == NR_INT) || (expType == NR_LONG)) {
+                    _reportTooLongInt(expType, numStr);
+                }
+                if ((expType == NR_DOUBLE) || (expType == NR_FLOAT)) {
+                    _numberDouble = NumberInput.parseDouble(numStr);
+                    _numTypesValid = NR_DOUBLE;
+                } else {
+                    // nope, need the heavy guns... (rare case)
+                    _numberBigInt = new BigInteger(numStr);
+                    _numTypesValid = NR_BIGINT;
+                }
             }
         } catch (NumberFormatException nex) {
             // Can this ever occur? Due to overflow, maybe?
             _wrapError("Malformed numeric value '"+numStr+"'", nex);
         }
     }
-    
+
+    // @since 2.9.8
+    protected void _reportTooLongInt(int expType, String rawNum) throws IOException
+    {
+        int rawLen = rawNum.length();
+        final String numDesc;
+        if (rawLen < 1000) {
+            numDesc = rawNum;
+        } else {
+            if (rawNum.startsWith("-")) {
+                rawLen -= 1;
+            }
+            numDesc = String.format("[Integer with %d digits]", rawLen);
+        }
+        _reportError("Numeric value (%s) out of range of %s", numDesc,
+                (expType == NR_LONG) ? "long" : "int");
+    }
+
     /*
     /**********************************************************
     /* Numeric conversions
diff --git a/src/test/java/com/fasterxml/jackson/core/read/NumberOverflowTest.java b/src/test/java/com/fasterxml/jackson/core/read/NumberOverflowTest.java
@@ -0,0 +1,132 @@
+package com.fasterxml.jackson.core.read;
+
+import java.math.BigInteger;
+
+import com.fasterxml.jackson.core.*;
+
+public class NumberOverflowTest
+    extends com.fasterxml.jackson.core.BaseTest
+{
+    private final JsonFactory FACTORY = new JsonFactory();
+
+    // NOTE: this should be long enough to trigger perf problems
+    private final static int BIG_NUM_LEN = 199999;
+    private final static String BIG_POS_INTEGER;
+    static {
+        StringBuilder sb = new StringBuilder(BIG_NUM_LEN);
+        for (int i = 0; i < BIG_NUM_LEN; ++i) {
+            sb.append('9');
+        }
+        BIG_POS_INTEGER = sb.toString();
+    }
+
+    private final static String BIG_POS_DOC = "["+BIG_POS_INTEGER+"]";
+    private final static String BIG_NEG_DOC = "[ -"+BIG_POS_INTEGER+"]";
+    
+    public void testSimpleLongOverflow() throws Exception
+    {
+        BigInteger below = BigInteger.valueOf(Long.MIN_VALUE);
+        below = below.subtract(BigInteger.ONE);
+        BigInteger above = BigInteger.valueOf(Long.MAX_VALUE);
+        above = above.add(BigInteger.ONE);
+
+        String DOC_BELOW = below.toString() + " ";
+        String DOC_ABOVE = below.toString() + " ";
+
+        for (int mode : ALL_MODES) {
+            JsonParser p = createParser(FACTORY, mode, DOC_BELOW);
+            p.nextToken();
+            try {
+                long x = p.getLongValue();
+                fail("Expected an exception for underflow (input "+p.getText()+"): instead, got long value: "+x);
+            } catch (JsonParseException e) {
+                verifyException(e, "out of range of long");
+            }
+            p.close();
+
+            p = createParser(mode, DOC_ABOVE);
+            p.nextToken();
+            try {
+                long x = p.getLongValue();
+                fail("Expected an exception for underflow (input "+p.getText()+"): instead, got long value: "+x);
+            } catch (JsonParseException e) {
+                verifyException(e, "out of range of long");
+            }
+            p.close();
+            
+        }
+    }
+
+    // Note: only 4 cardinal types; `short`, `byte` and `char` use same code paths
+    // Note: due to [jackson-core#493], we'll skip DataInput-backed parser
+    
+    // [jackson-core#488]
+    public void testMaliciousLongOverflow() throws Exception
+    {
+        for (int mode : ALL_STREAMING_MODES) {
+            for (String doc : new String[] { BIG_POS_DOC, BIG_NEG_DOC }) {
+                JsonParser p = createParser(mode, doc);
+                assertToken(JsonToken.START_ARRAY, p.nextToken());
+                assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+                try {
+                    p.getLongValue();
+                    fail("Should not pass");
+                } catch (JsonParseException e) {
+                    verifyException(e, "out of range of long");
+                    verifyException(e, "Integer with "+BIG_NUM_LEN+" digits");
+                }
+                p.close();
+            }
+        }
+    }    
+
+    // [jackson-core#488]
+    public void testMaliciousIntOverflow() throws Exception
+    {
+        for (int mode : ALL_STREAMING_MODES) {
+            for (String doc : new String[] { BIG_POS_DOC, BIG_NEG_DOC }) {
+                JsonParser p = createParser(mode, doc);
+                assertToken(JsonToken.START_ARRAY, p.nextToken());
+                assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+                try {
+                    p.getIntValue();
+                    fail("Should not pass");
+                } catch (JsonParseException e) {
+                    verifyException(e, "out of range of int");
+                    verifyException(e, "Integer with "+BIG_NUM_LEN+" digits");
+                }
+                p.close();
+            }
+        }
+    }    
+
+    // [jackson-core#488]
+    public void testMaliciousBigIntToDouble() throws Exception
+    {
+        for (int mode : ALL_STREAMING_MODES) {
+            final String doc = BIG_POS_DOC;
+            JsonParser p = createParser(mode, doc);
+            assertToken(JsonToken.START_ARRAY, p.nextToken());
+            assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+            double d = p.getDoubleValue();
+            assertEquals(Double.valueOf(BIG_POS_INTEGER), d);
+            assertToken(JsonToken.END_ARRAY, p.nextToken());
+            p.close();
+        }
+    }    
+
+    // [jackson-core#488]
+    public void testMaliciousBigIntToFloat() throws Exception
+    {
+        for (int mode : ALL_STREAMING_MODES) {
+            final String doc = BIG_POS_DOC;
+            JsonParser p = createParser(mode, doc);
+            assertToken(JsonToken.START_ARRAY, p.nextToken());
+            assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+            float f = p.getFloatValue();
+            assertEquals(Float.valueOf(BIG_POS_INTEGER), f);
+            assertToken(JsonToken.END_ARRAY, p.nextToken());
+            p.close();
+        }
+    }
+}
diff --git a/src/test/java/com/fasterxml/jackson/core/read/NumberParsingTest.java b/src/test/java/com/fasterxml/jackson/core/read/NumberParsingTest.java
@@ -109,7 +109,7 @@ public void testSimpleLong() throws Exception
         _testSimpleLong(MODE_READER);
         _testSimpleLong(MODE_DATA_INPUT);
     }
-    
+
     private void _testSimpleLong(int mode) throws Exception
     {
         long EXP_L = 12345678907L;
@@ -310,39 +310,6 @@ private void _testNumbers(int mode) throws Exception
         p.close();
     }
 
-    public void testLongOverflow() throws Exception
-    {
-        BigInteger below = BigInteger.valueOf(Long.MIN_VALUE);
-        below = below.subtract(BigInteger.ONE);
-        BigInteger above = BigInteger.valueOf(Long.MAX_VALUE);
-        above = above.add(BigInteger.ONE);
-
-        String DOC_BELOW = below.toString() + " ";
-        String DOC_ABOVE = below.toString() + " ";
-
-        for (int mode : ALL_MODES) {
-            JsonParser p = createParser(mode, DOC_BELOW);
-            p.nextToken();
-            try {
-                long x = p.getLongValue();
-                fail("Expected an exception for underflow (input "+p.getText()+"): instead, got long value: "+x);
-            } catch (JsonParseException e) {
-                verifyException(e, "out of range of long");
-            }
-            p.close();
-
-            p = createParser(mode, DOC_ABOVE);
-            p.nextToken();
-            try {
-                long x = p.getLongValue();
-                fail("Expected an exception for underflow (input "+p.getText()+"): instead, got long value: "+x);
-            } catch (JsonParseException e) {
-                verifyException(e, "out of range of long");
-            }
-            p.close();
-            
-        }
-    }
     
     /**
      * Method that tries to test that number parsing works in cases where
