Skip to content

Commit

Permalink
reader check
Browse files Browse the repository at this point in the history
  • Loading branch information
@pjfanning
pjfanning committed Aug 23, 2023
1 parent fc82c65 commit 954a2d0
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 19 deletions.
51 changes: 32 additions & 19 deletions src/main/java/com/fasterxml/jackson/core/json/ReaderBasedJsonParser.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1848,9 +1848,11 @@ protected final String _parseName() throws IOException
int ch = _inputBuffer[ptr];
if (ch < codes.length && codes[ch] != 0) {
if (ch == '"') {
int start = _inputPtr;
final int start = _inputPtr;
_inputPtr = ptr+1; // to skip the quote
return _symbols.findSymbol(_inputBuffer, start, ptr - start, hash);
final int len = ptr - start;
_streamReadConstraints.validateNameLength(len);
return _symbols.findSymbol(_inputBuffer, start, len, hash);
}
break;
}
Expand All @@ -1864,7 +1866,9 @@ protected final String _parseName() throws IOException

private String _parseName2(int startPtr, int hash, int endChar) throws IOException
{
_textBuffer.resetWithShared(_inputBuffer, startPtr, (_inputPtr - startPtr));
final int initLen = _inputPtr - startPtr;
_streamReadConstraints.validateNameLength(initLen);
_textBuffer.resetWithShared(_inputBuffer, startPtr, initLen);

/* Output pointers; calls will also ensure that the buffer is
* not shared and has room for at least one more char.
Expand Down Expand Up @@ -1908,10 +1912,11 @@ private String _parseName2(int startPtr, int hash, int endChar) throws IOExcepti
}
_textBuffer.setCurrentLength(outPtr);
{
TextBuffer tb = _textBuffer;
char[] buf = tb.getTextBuffer();
int start = tb.getTextOffset();
int len = tb.size();
final TextBuffer tb = _textBuffer;
final char[] buf = tb.getTextBuffer();
final int start = tb.getTextOffset();
final int len = tb.size();
_streamReadConstraints.validateNameLength(len);
return _symbols.findSymbol(buf, start, len, hash);
}
}
Expand Down Expand Up @@ -1962,14 +1967,18 @@ protected String _handleOddName(int i) throws IOException
int ch = _inputBuffer[ptr];
if (ch < maxCode) {
if (codes[ch] != 0) {
int start = _inputPtr-1; // -1 to bring back first char
final int start = _inputPtr-1; // -1 to bring back first char
_inputPtr = ptr;
return _symbols.findSymbol(_inputBuffer, start, ptr - start, hash);
final int len = ptr - start;
_streamReadConstraints.validateNameLength(len);
return _symbols.findSymbol(_inputBuffer, start, len, hash);
}
} else if (!Character.isJavaIdentifierPart((char) ch)) {
int start = _inputPtr-1; // -1 to bring back first char
final int start = _inputPtr-1; // -1 to bring back first char
_inputPtr = ptr;
return _symbols.findSymbol(_inputBuffer, start, ptr - start, hash);
final int len = ptr - start;
_streamReadConstraints.validateNameLength(len);
return _symbols.findSymbol(_inputBuffer, start, len, hash);
}
hash = (hash * CharsToNameCanonicalizer.HASH_MULT) + ch;
++ptr;
Expand All @@ -1996,7 +2005,9 @@ protected String _parseAposName() throws IOException
if (ch == '\'') {
int start = _inputPtr;
_inputPtr = ptr+1; // to skip the quote
return _symbols.findSymbol(_inputBuffer, start, ptr - start, hash);
final int len = ptr - start;
_streamReadConstraints.validateNameLength(len);
return _symbols.findSymbol(_inputBuffer, start, len, hash);
}
if (ch < maxCode && codes[ch] != 0) {
break;
Expand Down Expand Up @@ -2029,7 +2040,7 @@ protected JsonToken _handleOddValue(int i) throws IOException
switch (i) {
case '\'':
/* Allow single quotes? Unlike with regular Strings, we'll eagerly parse
* contents; this so that there'sno need to store information on quote char used.
* contents; this so that there's no need to store information on quote char used.
* Also, no separation to fast/slow parsing; we'll just do
* one regular (~= slowish) parsing, to keep code simple
*/
Expand Down Expand Up @@ -2129,7 +2140,9 @@ protected JsonToken _handleApos() throws IOException

private String _handleOddName2(int startPtr, int hash, int[] codes) throws IOException
{
_textBuffer.resetWithShared(_inputBuffer, startPtr, (_inputPtr - startPtr));
final int initLen = _inputPtr - startPtr;
_streamReadConstraints.validateNameLength(initLen);
_textBuffer.resetWithShared(_inputBuffer, startPtr, initLen);
char[] outBuf = _textBuffer.getCurrentSegment();
int outPtr = _textBuffer.getCurrentSegmentSize();
final int maxCode = codes.length;
Expand Down Expand Up @@ -2162,11 +2175,11 @@ private String _handleOddName2(int startPtr, int hash, int[] codes) throws IOExc
}
_textBuffer.setCurrentLength(outPtr);
{
TextBuffer tb = _textBuffer;
char[] buf = tb.getTextBuffer();
int start = tb.getTextOffset();
int len = tb.size();

final TextBuffer tb = _textBuffer;
final char[] buf = tb.getTextBuffer();
final int start = tb.getTextOffset();
final int len = tb.size();
_streamReadConstraints.validateNameLength(len);
return _symbols.findSymbol(buf, start, len, hash);
}
}
Expand Down
18 changes: 18 additions & 0 deletions src/test/java/com/fasterxml/jackson/core/read/LargeNameReadTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,24 @@ public void testLargeNameWithSmallLimit() throws Exception
}
}

public void testReaderLargeNameWithSmallLimit() throws Exception
{
final String doc = generateJSON(1000);
final JsonFactory jsonFactory = JsonFactory.builder()
.streamReadConstraints(StreamReadConstraints.builder().maxNameLength(100).build())
.build();
try (JsonParser jp = createParserUsingReader(jsonFactory, doc)) {
JsonToken jsonToken;
while ((jsonToken = jp.nextToken()) != null) {
System.out.println(jsonToken);
}
fail("expected StreamConstraintsException");
} catch (StreamConstraintsException e) {
assertTrue("Unexpected exception message: " + e.getMessage(),
e.getMessage().contains("Name value length"));
}
}

private String generateJSON(final int nameLen) {
final StringBuilder sb = new StringBuilder();
sb.append("{\"");
Expand Down

0 comments on commit 954a2d0

Please sign in to comment.