add integer & decimal overflow check

c619a784 · 高铁 · 9060a26f · c619a784 · c619a784 · c619a784
Commit c619a784 authored 4 years ago by 高铁
Hide whitespace changes
Inline Side-by-side

Showing

with 49 additions and 8 deletions
+49 -8
--- a/src/main/java/com/alibaba/fastjson/parser/JSONLexerBase.java
+++ b/src/main/java/com/alibaba/fastjson/parser/JSONLexerBase.java
@@ -18,6 +18,7 @@ package com.alibaba.fastjson.parser;
 import java.io.Closeable;
 import java.math.BigDecimal;
 import java.math.BigInteger;
+import java.math.MathContext;
 import java.util.*;

 import com.alibaba.fastjson.JSON;
@@ -458,11 +459,11 @@ public abstract class JSONLexerBase implements JSONLexer, Closeable {
            // Accumulating negatively avoids surprises near MAX_VALUE
            digit = charAt(i++) - '0';
            if (result < multmin) {
-                return new BigInteger(numberString());
+                return new BigInteger(numberString(), 10);
            }
            result *= 10;
            if (result < limit + digit) {
-                return new BigInteger(numberString());
+                return new BigInteger(numberString(), 10);
            }
            result -= digit;
        }
@@ -3041,8 +3042,11 @@ public abstract class JSONLexerBase implements JSONLexer, Closeable {
                count = bp + offset - start - 1;
            }

+            if (count > 65535) {
+                throw new JSONException("decimal overflow");
+            }
            char[] chars = this.sub_chars(start, count);
-            value = new BigDecimal(chars);
+            value = new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
        } else if (chLocal == 'n' && charAt(bp + offset) == 'u' && charAt(bp + offset + 1) == 'l' && charAt(bp + offset + 2) == 'l') {
            matchStat = VALUE_NULL;
            value = null;
@@ -3715,8 +3719,12 @@ public abstract class JSONLexerBase implements JSONLexer, Closeable {
                count = bp + offset - start - 1;
            }

+            if (count > 65535) {
+                throw new JSONException("scan decimal overflow");
+            }
+
            char[] chars = this.sub_chars(start, count);
-            value = new BigDecimal(chars);
+            value = new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
        } else if (chLocal == 'n' &&
                   charAt(bp + offset) == 'u' &&
                   charAt(bp + offset + 1) == 'l' &&
@@ -3856,8 +3864,12 @@ public abstract class JSONLexerBase implements JSONLexer, Closeable {

 //            char[] chars = this.sub_chars(negative ? start + 1 : start, count);
 //            value = new BigInteger(chars, )
+                if (count > 65535) {
+                    throw new JSONException("scanInteger overflow");
+                }
+
                String strVal = this.subString(start, count);
-                value = new BigInteger(strVal);
+                value = new BigInteger(strVal, 10);
            }
        } else if (chLocal == 'n' &&
                   charAt(bp + offset) == 'u' &&
@@ -5150,6 +5162,10 @@ public abstract class JSONLexerBase implements JSONLexer, Closeable {
            }
        }

+        if (sp > 65535) {
+            throw new JSONException("scanNumber overflow");
+        }
+
        if (ch == 'L') {
            sp++;
            next();

--- a/src/main/java/com/alibaba/fastjson/parser/JSONReaderScanner.java
+++ b/src/main/java/com/alibaba/fastjson/parser/JSONReaderScanner.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.io.Reader;
 import java.io.StringReader;
 import java.math.BigDecimal;
+import java.math.MathContext;

 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONException;
@@ -296,7 +297,11 @@ public final class JSONReaderScanner extends JSONLexerBase {
            sp--;
        }

-        return new BigDecimal(buf, offset, sp);
+        if (sp > 65535) {
+            throw new JSONException("decimal overflow");
+        }
+
+        return new BigDecimal(buf, offset, sp, MathContext.UNLIMITED);
    }

    public void close() {

--- a/src/main/java/com/alibaba/fastjson/parser/JSONScanner.java
+++ b/src/main/java/com/alibaba/fastjson/parser/JSONScanner.java
@@ -21,6 +21,7 @@ import com.alibaba.fastjson.util.ASMUtils;
 import com.alibaba.fastjson.util.IOUtils;

 import java.math.BigDecimal;
+import java.math.MathContext;
 import java.util.*;

 //这个类，为了性能优化做了很多特别处理，一切都是为了性能！！！
@@ -188,14 +189,18 @@ public final class JSONScanner extends JSONLexerBase {
            sp--;
        }

+        if (sp > 65535) {
+            throw new JSONException("decimal overflow");
+        }
+
        int offset = np, count = sp;
        if (count < sbuf.length) {
            text.getChars(offset, offset + count, sbuf, 0);
-            return new BigDecimal(sbuf, 0, count);
+            return new BigDecimal(sbuf, 0, count, MathContext.UNLIMITED);
        } else {
            char[] chars = new char[count];
            text.getChars(offset, offset + count, chars, 0);
-            return new BigDecimal(chars);
+            return new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
        }
    }


--- a/src/main/java/com/alibaba/fastjson/serializer/BigIntegerCodec.java
+++ b/src/main/java/com/alibaba/fastjson/serializer/BigIntegerCodec.java
@@ -19,6 +19,7 @@ import java.io.IOException;
 import java.lang.reflect.Type;
 import java.math.BigInteger;

+import com.alibaba.fastjson.JSONException;
 import com.alibaba.fastjson.parser.DefaultJSONParser;
 import com.alibaba.fastjson.parser.JSONLexer;
 import com.alibaba.fastjson.parser.JSONToken;
@@ -70,6 +71,11 @@ public class BigIntegerCodec implements ObjectSerializer, ObjectDeserializer {
        if (lexer.token() == JSONToken.LITERAL_INT) {
            String val = lexer.numberString();
            lexer.nextToken(JSONToken.COMMA);
+
+            if (val.length() > 65535) {
+                throw new JSONException("decimal overflow");
+            }
+
            return (T) new BigInteger(val);
        }


--- a/src/main/java/com/alibaba/fastjson/util/TypeUtils.java
+++ b/src/main/java/com/alibaba/fastjson/util/TypeUtils.java
@@ -324,6 +324,10 @@ public class TypeUtils{
        if(value instanceof Map && ((Map) value).size() == 0){
            return null;
        }
+
+        if (strVal.length() > 65535) {
+            throw new JSONException("decimal overflow");
+        }
        return new BigDecimal(strVal);
    }

@@ -350,6 +354,11 @@ public class TypeUtils{
                || "NULL".equals(strVal)){
            return null;
        }
+
+        if (strVal.length() > 65535) {
+            throw new JSONException("decimal overflow");
+        }
+
        return new BigInteger(strVal);
    }