[jira] [Updated] (OLINGO-1260) Parsing a crafted expression, results in deep recursion Stack Overflow

Gil Mirmovitch (JIRA) Wed, 25 Apr 2018 00:26:28 -0700

     [ 
https://issues.apache.org/jira/browse/OLINGO-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Gil Mirmovitch updated OLINGO-1260:
-----------------------------------
    Description: 
When parsing a crafted expression using the ExpressionParser 
(org.apache.olingo.server.core.uri.parser.ExpressionParser), a 
StackOverflowError is thrown.

Following are 2 expressions that I used as a POC:
 # "((((((((((((((((((((..."
 # "true or (true or (true or (true or (true or (true ...."
 # "substring(substring(substring(substring(..."

In all cases, expression that contain 1000-2000 repetitions (depends on the 
stack size) of the pattern, will result in StackOverflowError.

I added the following unit test that demonstrate the issue:

Class: *org.apache.olingo.server.core.uri.parser.ExpressionParserTest*

{color:#59afe1}{{private static String genPayload(int i)}}
 {
 {{  StringBuilder sb = new StringBuilder("true");}}
 {{  for (int j = 0; j < i; j++)}}
 {{    sb.append("(");}}
 {{  return sb.toString();}}
 }{color}

{color:#59afe1}{{@Test}}
 public void recursion() throws Exception 
 {{color}

{color:#59afe1}  String payload = genPayload(1100);
 {{  parseExpression(payload);}}
 }{color}

 

*StackTrace:*

*......*

at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprMul(ExpressionParser.java:292)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprAdd(ExpressionParser.java:278)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprRel(ExpressionParser.java:235)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprEquality(ExpressionParser.java:217)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseAnd(ExpressionParser.java:203)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExpression(ExpressionParser.java:193)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprValue(ExpressionParser.java:342)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprPrimary(ExpressionParser.java:328)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprUnary(ExpressionParser.java:323)

....

  was:
When parsing a crafted expression using the ExpressionParser 
(org.apache.olingo.server.core.uri.parser.ExpressionParser), a 
StackOverflowError is thrown.

Following are 2 expressions that I used as a POC:
 # "((((((((((((((((((((..."
 # "true or (true or (true or (true or (true or (true ...."
 # "substring(substring(substring(substring(..."

In all cases, expression that contain 1000-2000 repetitions (depends on the 
stack size) of the pattern, will result in StackOverflowError.

I added the following unit test that demonstrate the issue:

Class: *org.apache.olingo.server.core.uri.parser.ExpressionParserTest*

{color:#59afe1}{{private static String genPayload(int i)}}
 {
 {{  StringBuilder sb = new StringBuilder("true");}}
 {{  for (int j = 0; j < i; j++)}}
 {{    sb.append("(");}}
 {{  return sb.toString();}}
 }{color}

{color:#59afe1}{{@Test}}
 public void recursion() throws Exception 
 {{color}

{color:#59afe1}  String payload = genPayload(1100);
 {{  parseExpression(payload);}}
 }{color}

 

*StackTrace (for the 2nd expression):*

at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprMul(ExpressionParser.java:292)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprAdd(ExpressionParser.java:278)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprRel(ExpressionParser.java:235)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprEquality(ExpressionParser.java:217)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseAnd(ExpressionParser.java:203)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExpression(ExpressionParser.java:193)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprValue(ExpressionParser.java:342)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprPrimary(ExpressionParser.java:328)
 at 
org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprUnary(ExpressionParser.java:323)


> Parsing a crafted expression, results in deep recursion Stack Overflow
> ----------------------------------------------------------------------
>
>                 Key: OLINGO-1260
>                 URL: https://issues.apache.org/jira/browse/OLINGO-1260
>             Project: Olingo
>          Issue Type: Bug
>          Components: odata4-server
>    Affects Versions: (Java) V4 4.4.0
>            Reporter: Gil Mirmovitch
>            Priority: Critical
>
> When parsing a crafted expression using the ExpressionParser 
> (org.apache.olingo.server.core.uri.parser.ExpressionParser), a 
> StackOverflowError is thrown.
> Following are 2 expressions that I used as a POC:
>  # "((((((((((((((((((((..."
>  # "true or (true or (true or (true or (true or (true ...."
>  # "substring(substring(substring(substring(..."
> In all cases, expression that contain 1000-2000 repetitions (depends on the 
> stack size) of the pattern, will result in StackOverflowError.
> I added the following unit test that demonstrate the issue:
> Class: *org.apache.olingo.server.core.uri.parser.ExpressionParserTest*
> {color:#59afe1}{{private static String genPayload(int i)}}
>  {
>  {{  StringBuilder sb = new StringBuilder("true");}}
>  {{  for (int j = 0; j < i; j++)}}
>  {{    sb.append("(");}}
>  {{  return sb.toString();}}
>  }{color}
> {color:#59afe1}{{@Test}}
>  public void recursion() throws Exception 
>  {{color}
> {color:#59afe1}  String payload = genPayload(1100);
>  {{  parseExpression(payload);}}
>  }{color}
>  
> *StackTrace:*
> *......*
> at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprMul(ExpressionParser.java:292)
>  at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprAdd(ExpressionParser.java:278)
>  at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprRel(ExpressionParser.java:235)
>  at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprEquality(ExpressionParser.java:217)
>  at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseAnd(ExpressionParser.java:203)
>  at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExpression(ExpressionParser.java:193)
>  at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprValue(ExpressionParser.java:342)
>  at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprPrimary(ExpressionParser.java:328)
>  at 
> org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprUnary(ExpressionParser.java:323)
> ....



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (OLINGO-1260) Parsing a crafted expression, results in deep recursion Stack Overflow

Reply via email to