Skip to content
This repository has been archived by the owner on Oct 23, 2024. It is now read-only.

Commit

Permalink
add integer & decimal overflow check
Browse files Browse the repository at this point in the history
  • Loading branch information
wenshao committed Jun 14, 2020
1 parent 9060a26 commit c619a78
Show file tree
Hide file tree
Showing 5 changed files with 49 additions and 8 deletions.
26 changes: 21 additions & 5 deletions src/main/java/com/alibaba/fastjson/parser/JSONLexerBase.java
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import java.io.Closeable;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.math.MathContext;
import java.util.*;

import com.alibaba.fastjson.JSON;
Expand Down Expand Up @@ -458,11 +459,11 @@ public final Number integerValue() throws NumberFormatException {
// Accumulating negatively avoids surprises near MAX_VALUE
digit = charAt(i++) - '0';
if (result < multmin) {
return new BigInteger(numberString());
return new BigInteger(numberString(), 10);
}
result *= 10;
if (result < limit + digit) {
return new BigInteger(numberString());
return new BigInteger(numberString(), 10);
}
result -= digit;
}
Expand Down Expand Up @@ -3041,8 +3042,11 @@ public BigDecimal scanDecimal(char seperator) {
count = bp + offset - start - 1;
}

if (count > 65535) {
throw new JSONException("decimal overflow");
}
char[] chars = this.sub_chars(start, count);
value = new BigDecimal(chars);
value = new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
} else if (chLocal == 'n' && charAt(bp + offset) == 'u' && charAt(bp + offset + 1) == 'l' && charAt(bp + offset + 2) == 'l') {
matchStat = VALUE_NULL;
value = null;
Expand Down Expand Up @@ -3715,8 +3719,12 @@ public BigDecimal scanFieldDecimal(char[] fieldName) {
count = bp + offset - start - 1;
}

if (count > 65535) {
throw new JSONException("scan decimal overflow");
}

char[] chars = this.sub_chars(start, count);
value = new BigDecimal(chars);
value = new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
} else if (chLocal == 'n' &&
charAt(bp + offset) == 'u' &&
charAt(bp + offset + 1) == 'l' &&
Expand Down Expand Up @@ -3856,8 +3864,12 @@ public BigInteger scanFieldBigInteger(char[] fieldName) {

// char[] chars = this.sub_chars(negative ? start + 1 : start, count);
// value = new BigInteger(chars, )
if (count > 65535) {
throw new JSONException("scanInteger overflow");
}

String strVal = this.subString(start, count);
value = new BigInteger(strVal);
value = new BigInteger(strVal, 10);
}
} else if (chLocal == 'n' &&
charAt(bp + offset) == 'u' &&
Expand Down Expand Up @@ -5150,6 +5162,10 @@ public final void scanNumber() {
}
}

if (sp > 65535) {
throw new JSONException("scanNumber overflow");
}

if (ch == 'L') {
sp++;
next();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
import java.io.Reader;
import java.io.StringReader;
import java.math.BigDecimal;
import java.math.MathContext;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
Expand Down Expand Up @@ -296,7 +297,11 @@ public final BigDecimal decimalValue() {
sp--;
}

return new BigDecimal(buf, offset, sp);
if (sp > 65535) {
throw new JSONException("decimal overflow");
}

return new BigDecimal(buf, offset, sp, MathContext.UNLIMITED);
}

public void close() {
Expand Down
9 changes: 7 additions & 2 deletions src/main/java/com/alibaba/fastjson/parser/JSONScanner.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import com.alibaba.fastjson.util.IOUtils;

import java.math.BigDecimal;
import java.math.MathContext;
import java.util.*;

//这个类,为了性能优化做了很多特别处理,一切都是为了性能!!!
Expand Down Expand Up @@ -188,14 +189,18 @@ public final BigDecimal decimalValue() {
sp--;
}

if (sp > 65535) {
throw new JSONException("decimal overflow");
}

int offset = np, count = sp;
if (count < sbuf.length) {
text.getChars(offset, offset + count, sbuf, 0);
return new BigDecimal(sbuf, 0, count);
return new BigDecimal(sbuf, 0, count, MathContext.UNLIMITED);
} else {
char[] chars = new char[count];
text.getChars(offset, offset + count, chars, 0);
return new BigDecimal(chars);
return new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import java.lang.reflect.Type;
import java.math.BigInteger;

import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.parser.DefaultJSONParser;
import com.alibaba.fastjson.parser.JSONLexer;
import com.alibaba.fastjson.parser.JSONToken;
Expand Down Expand Up @@ -70,6 +71,11 @@ public static <T> T deserialze(DefaultJSONParser parser) {
if (lexer.token() == JSONToken.LITERAL_INT) {
String val = lexer.numberString();
lexer.nextToken(JSONToken.COMMA);

if (val.length() > 65535) {
throw new JSONException("decimal overflow");
}

return (T) new BigInteger(val);
}

Expand Down
9 changes: 9 additions & 0 deletions src/main/java/com/alibaba/fastjson/util/TypeUtils.java
Original file line number Diff line number Diff line change
Expand Up @@ -324,6 +324,10 @@ public static BigDecimal castToBigDecimal(Object value){
if(value instanceof Map && ((Map) value).size() == 0){
return null;
}

if (strVal.length() > 65535) {
throw new JSONException("decimal overflow");
}
return new BigDecimal(strVal);
}

Expand All @@ -350,6 +354,11 @@ public static BigInteger castToBigInteger(Object value){
|| "NULL".equals(strVal)){
return null;
}

if (strVal.length() > 65535) {
throw new JSONException("decimal overflow");
}

return new BigInteger(strVal);
}

Expand Down

0 comments on commit c619a78

Please sign in to comment.