Make default adapters stricter; improve exception messages #2000
Conversation
| case STRING: | ||
| int intValue = in.nextInt(); |
There was a problem hiding this comment.
JsonReader.nextInt() can also parse JSON strings as int so I simplified this instead of handling JSON strings separately (as it was the case before). However, this has the following disadvantages:
- The exception thrown for a JSON string which is not an int (e.g.
"abc") is not as descriptive anymore because it will now be thrown byJsonReader - It now allows parsing JSON strings which have a floating point value (but whose value is integral), previously it only allowed ints due to usage of
Integer.parseInt
So maybe it would still be worth handling JSON strings here manually, as it was done before?
There was a problem hiding this comment.
Yeah, I don't think it's likely that people would be affected by these particular changes in behaviour. Only recognizing 0 or 1 seems more likely to affect people, but even that seems unlikely. (I'm not sure how often people are serializing BitSet instances anyway, especially given how verbose the encoding is for sparse sets.)
| case STRING: | ||
| int intValue = in.nextInt(); |
There was a problem hiding this comment.
Yeah, I don't think it's likely that people would be affected by these particular changes in behaviour. Only recognizing 0 or 1 seems more likely to affect people, but even that seems unlikely. (I'm not sure how often people are serializing BitSet instances anyway, especially given how verbose the encoding is for sparse sets.)
Makes the default type adapters stricter:
byteandshortadapter detect numeric overflow (but both allow signed and unsigned value range, e.g. byte allows -128 to 255).For
floatno such check has been added even though conversion from small != 0doublecan become 0floatand large finitedoublevalues can become Infinityfloat, because there the 'meaning' is preserved. I have also not adjusted the lenient check to detectfloatInfinity after conversion from finitedouble, because the JSON contains finite numbers and therefore should be allowed in non-lenient mode.BitSetonly allows 0 and 1 as numeric valuesImproves exception messages:
JsonReader.getPreviousPath(), this allows getting the JSON path after a value has been consumed. The existinggetPath()would for array elements already point to the next element.JsonSyntaxExceptions thrown by adapters. Note that the implementation proposed here allows exception message injection (when the JSON comes from an untrusted source), but I am not sure if this is something which Gson should consider; the existingJsonReaderimplementation is already vulnerable to this anyway when it includes the JSON path in exception messages for malformed JSON.Improves synchronization of classes using
DateFormat. Reduces thesynchronizedblocks to the minimum, excluding JSON reading and writing calls to only hold the lock as short as possible.