More work for #488, now handling coercions to double, float better to avoid drastic performance issue as per suggestions by @wujimin

cowtowncoder · cowtowncoder · commit b6c54cf06167 · 2018-10-20T14:22:07.000-07:00
diff --git a/src/main/java/com/fasterxml/jackson/core/base/ParserBase.java b/src/main/java/com/fasterxml/jackson/core/base/ParserBase.java
@@ -843,13 +843,18 @@ private void _parseSlowInt(int expType) throws IOException
                 _numberLong = Long.parseLong(numStr);
                 _numTypesValid = NR_LONG;
             } else {
-                // 16-Oct-2018, tatu: Need to catch "too big" early due to... issues
+                // 16-Oct-2018, tatu: Need to catch "too big" early due to [jackson-core#488]
                 if ((expType == NR_INT) || (expType == NR_LONG)) {
                     _reportTooLongInt(expType, numStr);
                 }
-                // nope, need the heavy guns... (rare case)
-                _numberBigInt = new BigInteger(numStr);
-                _numTypesValid = NR_BIGINT;
+                if ((expType == NR_DOUBLE) || (expType == NR_FLOAT)) {
+                    _numberDouble = NumberInput.parseDouble(numStr);
+                    _numTypesValid = NR_DOUBLE;
+                } else {
+                    // nope, need the heavy guns... (rare case)
+                    _numberBigInt = new BigInteger(numStr);
+                    _numTypesValid = NR_BIGINT;
+                }
             }
         } catch (NumberFormatException nex) {
             // Can this ever occur? Due to overflow, maybe?
@@ -860,9 +865,16 @@ private void _parseSlowInt(int expType) throws IOException
     // @since 2.9.8
     protected void _reportTooLongInt(int expType, String rawNum) throws IOException
     {
-        String numDesc = (rawNum.length() > 1000)
-                ? String.format("[Integer with %d digits]", rawNum.length())
-                        : rawNum;
+        int rawLen = rawNum.length();
+        final String numDesc;
+        if (rawLen < 1000) {
+            numDesc = rawNum;
+        } else {
+            if (rawNum.startsWith("-")) {
+                rawLen -= 1;
+            }
+            numDesc = String.format("[Integer with %d digits]", rawLen);
+        }
         _reportError("Numeric value (%s) out of range of %s", numDesc,
                 (expType == NR_LONG) ? "long" : "int");
     }
diff --git a/src/test/java/com/fasterxml/jackson/core/read/NumberOverflowTest.java b/src/test/java/com/fasterxml/jackson/core/read/NumberOverflowTest.java
@@ -0,0 +1,132 @@
+package com.fasterxml.jackson.core.read;
+
+import java.math.BigInteger;
+
+import com.fasterxml.jackson.core.*;
+
+public class NumberOverflowTest
+    extends com.fasterxml.jackson.core.BaseTest
+{
+    private final JsonFactory FACTORY = new JsonFactory();
+
+    // NOTE: this should be long enough to trigger perf problems
+    private final static int BIG_NUM_LEN = 199999;
+    private final static String BIG_POS_INTEGER;
+    static {
+        StringBuilder sb = new StringBuilder(BIG_NUM_LEN);
+        for (int i = 0; i < BIG_NUM_LEN; ++i) {
+            sb.append('9');
+        }
+        BIG_POS_INTEGER = sb.toString();
+    }
+
+    private final static String BIG_POS_DOC = "["+BIG_POS_INTEGER+"]";
+    private final static String BIG_NEG_DOC = "[ -"+BIG_POS_INTEGER+"]";
+    
+    public void testSimpleLongOverflow() throws Exception
+    {
+        BigInteger below = BigInteger.valueOf(Long.MIN_VALUE);
+        below = below.subtract(BigInteger.ONE);
+        BigInteger above = BigInteger.valueOf(Long.MAX_VALUE);
+        above = above.add(BigInteger.ONE);
+
+        String DOC_BELOW = below.toString() + " ";
+        String DOC_ABOVE = below.toString() + " ";
+
+        for (int mode : ALL_MODES) {
+            JsonParser p = createParser(FACTORY, mode, DOC_BELOW);
+            p.nextToken();
+            try {
+                long x = p.getLongValue();
+                fail("Expected an exception for underflow (input "+p.getText()+"): instead, got long value: "+x);
+            } catch (JsonParseException e) {
+                verifyException(e, "out of range of long");
+            }
+            p.close();
+
+            p = createParser(mode, DOC_ABOVE);
+            p.nextToken();
+            try {
+                long x = p.getLongValue();
+                fail("Expected an exception for underflow (input "+p.getText()+"): instead, got long value: "+x);
+            } catch (JsonParseException e) {
+                verifyException(e, "out of range of long");
+            }
+            p.close();
+            
+        }
+    }
+
+    // Note: only 4 cardinal types; `short`, `byte` and `char` use same code paths
+    // Note: due to [jackson-core#493], we'll skip DataInput-backed parser
+    
+    // [jackson-core#488]
+    public void testMaliciousLongOverflow() throws Exception
+    {
+        for (int mode : ALL_STREAMING_MODES) {
+            for (String doc : new String[] { BIG_POS_DOC, BIG_NEG_DOC }) {
+                JsonParser p = createParser(mode, doc);
+                assertToken(JsonToken.START_ARRAY, p.nextToken());
+                assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+                try {
+                    p.getLongValue();
+                    fail("Should not pass");
+                } catch (JsonParseException e) {
+                    verifyException(e, "out of range of long");
+                    verifyException(e, "Integer with "+BIG_NUM_LEN+" digits");
+                }
+                p.close();
+            }
+        }
+    }    
+
+    // [jackson-core#488]
+    public void testMaliciousIntOverflow() throws Exception
+    {
+        for (int mode : ALL_STREAMING_MODES) {
+            for (String doc : new String[] { BIG_POS_DOC, BIG_NEG_DOC }) {
+                JsonParser p = createParser(mode, doc);
+                assertToken(JsonToken.START_ARRAY, p.nextToken());
+                assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+                try {
+                    p.getIntValue();
+                    fail("Should not pass");
+                } catch (JsonParseException e) {
+                    verifyException(e, "out of range of int");
+                    verifyException(e, "Integer with "+BIG_NUM_LEN+" digits");
+                }
+                p.close();
+            }
+        }
+    }    
+
+    // [jackson-core#488]
+    public void testMaliciousBigIntToDouble() throws Exception
+    {
+        for (int mode : ALL_STREAMING_MODES) {
+            final String doc = BIG_POS_DOC;
+            JsonParser p = createParser(mode, doc);
+            assertToken(JsonToken.START_ARRAY, p.nextToken());
+            assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+            double d = p.getDoubleValue();
+            assertEquals(Double.valueOf(BIG_POS_INTEGER), d);
+            assertToken(JsonToken.END_ARRAY, p.nextToken());
+            p.close();
+        }
+    }    
+
+    // [jackson-core#488]
+    public void testMaliciousBigIntToFloat() throws Exception
+    {
+        for (int mode : ALL_STREAMING_MODES) {
+            final String doc = BIG_POS_DOC;
+            JsonParser p = createParser(mode, doc);
+            assertToken(JsonToken.START_ARRAY, p.nextToken());
+            assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken());
+            float f = p.getFloatValue();
+            assertEquals(Float.valueOf(BIG_POS_INTEGER), f);
+            assertToken(JsonToken.END_ARRAY, p.nextToken());
+            p.close();
+        }
+    }
+}
diff --git a/src/test/java/com/fasterxml/jackson/core/read/NumberParsingTest.java b/src/test/java/com/fasterxml/jackson/core/read/NumberParsingTest.java
@@ -108,7 +108,7 @@ public void testSimpleLong() throws Exception
         _testSimpleLong(MODE_READER);
         _testSimpleLong(MODE_DATA_INPUT);
     }
-    
+
     private void _testSimpleLong(int mode) throws Exception
     {
         long EXP_L = 12345678907L;
@@ -309,39 +309,6 @@ private void _testNumbers(int mode) throws Exception
         p.close();
     }
 
-    public void testLongOverflow() throws Exception
-    {
-        BigInteger below = BigInteger.valueOf(Long.MIN_VALUE);
-        below = below.subtract(BigInteger.ONE);
-        BigInteger above = BigInteger.valueOf(Long.MAX_VALUE);
-        above = above.add(BigInteger.ONE);
-
-        String DOC_BELOW = below.toString() + " ";
-        String DOC_ABOVE = below.toString() + " ";
-
-        for (int mode : ALL_MODES) {
-            JsonParser p = createParser(mode, DOC_BELOW);
-            p.nextToken();
-            try {
-                long x = p.getLongValue();
-                fail("Expected an exception for underflow (input "+p.getText()+"): instead, got long value: "+x);
-            } catch (JsonParseException e) {
-                verifyException(e, "out of range of long");
-            }
-            p.close();
-
-            p = createParser(mode, DOC_ABOVE);
-            p.nextToken();
-            try {
-                long x = p.getLongValue();
-                fail("Expected an exception for underflow (input "+p.getText()+"): instead, got long value: "+x);
-            } catch (JsonParseException e) {
-                verifyException(e, "out of range of long");
-            }
-            p.close();
-            
-        }
-    }
     
     /**
      * Method that tries to test that number parsing works in cases where
