[johnzon] branch master updated: [JOHNZON-346] avoid array out of bound exception when string gets an escaped character

Wed, 02 Jun 2021 07:54:45 -0700 

This is an automated email from the ASF dual-hosted git repository.

rmannibucau pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/johnzon.git


The following commit(s) were added to refs/heads/master by this push:
     new 48c34e6  [JOHNZON-346] avoid array out of bound exception when string 
gets an escaped character
48c34e6 is described below

commit 48c34e68c51791b0aea15b94cb013ea8586e29da
Author: Romain Manni-Bucau <rmannibu...@gmail.com>
AuthorDate: Wed Jun 2 16:54:36 2021 +0200

    [JOHNZON-346] avoid array out of bound exception when string gets an 
escaped character
---
 .../apache/johnzon/core/JsonStreamParserImpl.java  |  4 +-
 .../johnzon/core/JsonStreamParserImplTest.java     | 66 ++++++++++++++++++++++
 2 files changed, 69 insertions(+), 1 deletion(-)

diff --git 
a/johnzon-core/src/main/java/org/apache/johnzon/core/JsonStreamParserImpl.java 
b/johnzon-core/src/main/java/org/apache/johnzon/core/JsonStreamParserImpl.java
index 9d42c87..c511e0d 100644
--- 
a/johnzon-core/src/main/java/org/apache/johnzon/core/JsonStreamParserImpl.java
+++ 
b/johnzon-core/src/main/java/org/apache/johnzon/core/JsonStreamParserImpl.java
@@ -197,7 +197,9 @@ public class JsonStreamParserImpl extends 
JohnzonJsonParserImpl implements JsonC
         final char[] newArray = new char[fallBackCopyBuffer.length + 
Math.max(getBufferExtends(fallBackCopyBuffer.length), length)];
         // TODO: log to adjust size once?
         System.arraycopy(fallBackCopyBuffer, 0, newArray, 0, 
fallBackCopyBufferLength);
-        System.arraycopy(buffer, startOfValueInBuffer, newArray, 
fallBackCopyBufferLength, length);
+        if (startOfValueInBuffer != -1) {
+            System.arraycopy(buffer, startOfValueInBuffer, newArray, 
fallBackCopyBufferLength, length);
+        }
         if (releaseFallBackCopyBufferLength) {
             bufferProvider.release(fallBackCopyBuffer);
             releaseFallBackCopyBufferLength = false;
diff --git 
a/johnzon-core/src/test/java/org/apache/johnzon/core/JsonStreamParserImplTest.java
 
b/johnzon-core/src/test/java/org/apache/johnzon/core/JsonStreamParserImplTest.java
new file mode 100644
index 0000000..4537138
--- /dev/null
+++ 
b/johnzon-core/src/test/java/org/apache/johnzon/core/JsonStreamParserImplTest.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.johnzon.core;
+
+import org.junit.Test;
+
+import javax.json.stream.JsonParser;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+import static java.util.Arrays.asList;
+import static java.util.Collections.emptyMap;
+import static org.junit.Assert.assertEquals;
+
+public class JsonStreamParserImplTest {
+    @Test
+    public void ensureNoArrayBoundErrorWhenOverflow() throws IOException {
+        final String json = new JsonObjectBuilderImpl(
+                emptyMap(),
+                BufferStrategyFactory.valueOf("QUEUE").newCharProvider(100),
+                RejectDuplicateKeysMode.TRUE)
+                .add("content", "{\"foo\":\"barbar\\barbarbar\"}")
+                .build()
+                .toString();
+        final JsonParser parser = new JsonStreamParserImpl(new 
ByteArrayInputStream(json
+                .getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8,
+                10,
+                BufferStrategyFactory.valueOf("QUEUE").newCharProvider(10),
+                BufferStrategyFactory.valueOf("QUEUE").newCharProvider(10),
+                true);
+        final List<String> events = new ArrayList<>();
+        while (parser.hasNext()) {
+            final JsonParser.Event event = parser.next();
+            events.add(event.name());
+            switch (event) {
+                case VALUE_STRING:
+                    events.add(parser.getString());
+                    break;
+                default:
+            }
+        }
+        parser.close();
+        assertEquals(
+                asList("START_OBJECT", "KEY_NAME", "VALUE_STRING", 
"{\"foo\":\"barbar\\barbarbar\"}", "END_OBJECT"),
+                events);
+    }
+}

Reply via email to