Merge pull request #2641 from JacceYang/fix_issue2638

fix issue 2638[解析非法字符串JSON.parseObject("}",JaveBean.class ) 没有抛出异常，测试"] " 可以抛出]

src/main/java/com/alibaba/fastjson/parser/DefaultJSONParser.java

@@ -684,6 +684,9 @@ public <T> T parseObject(Type type, Object fieldName) {
 
         try {
             if (deserializer.getClass() == JavaBeanDeserializer.class) {
+                if (lexer.token()!= JSONToken.LBRACE && lexer.token()!=JSONToken.LBRACKET) {
+                throw new JSONException("syntax error,except start with { or [,but actually start with "+ lexer.tokenName());
+            }
                 return (T) ((JavaBeanDeserializer) deserializer).deserialze(this, type, fieldName, 0);
             } else {
                 return (T) deserializer.deserialze(this, type, fieldName);

src/test/java/com/alibaba/fastjson/deserializer/issue2638/Person.java

@@ -0,0 +1,26 @@
+package com.alibaba.fastjson.deserializer.issue2638;
+
+class Person {
+        private String name;
+        private Integer age;
+
+        public Person(){}
+
+        public Person(String name, Integer age) {
+            super();
+            this.name = name;
+            this.age = age;
+        }
+        public String getName() {
+            return name;
+        }
+        public void setName(String name) {
+            this.name = name;
+        }
+        public Integer getAge() {
+            return age;
+        }
+        public void setAge(Integer age) {
+            this.age = age;
+        }
+    }

src/test/java/com/alibaba/fastjson/deserializer/issue2638/TestIssue2638.java

@@ -0,0 +1,18 @@
+package com.alibaba.fastjson.deserializer.issue2638;
+
+import com.alibaba.fastjson.JSON;
+import org.junit.Test;
+
+/**
+ * @Author:JacceYang chaoyang_sjtu@126.com
+ * @Description:
+ * @Data:Initialized in 7:54 PM 2019/8/17
+ **/
+public class TestIssue2638 {
+
+    @Test
+    public void testBug2638() {
+        String str="}";
+        JSON.parseObject(str,Person.class);
+    }
+}