Johannes/gson-comments
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix for an ArrayIndexOutOfBoundsException.

Browse Source 
The `fillBuffer` method changes `pos`, so it is incorrect to cache
its previous value.
This commit is contained in:
Éamonn McManus 2021-11-09 10:08:21 -08:00 committed by Colin Decker
parent b0595c595b
commit 6e06bf0d89
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
gson/src/main/java/com/google/gson/stream/JsonReader.java
View File

@ -228,13 +228,14 @@ public class JsonReader implements Closeable {
/** True to accept non-spec compliant JSON */ /** True to accept non-spec compliant JSON */
private boolean lenient = false; private boolean lenient = false;
static final int BUFFER_SIZE = 1024;
/** /**
* Use a manual buffer to easily read and unread upcoming characters, and * Use a manual buffer to easily read and unread upcoming characters, and
* also so we can create strings without an intermediate StringBuilder. * also so we can create strings without an intermediate StringBuilder.
* We decode literals directly out of this buffer, so it must be at least as * We decode literals directly out of this buffer, so it must be at least as
* long as the longest token that can be reported as a number. * long as the longest token that can be reported as a number.
*/ */
private final char[] buffer = new char[1024]; private final char[] buffer = new char[BUFFER_SIZE];
private int pos = 0; private int pos = 0;
private int limit = 0; private int limit = 0;
@ -1604,11 +1605,11 @@ public class JsonReader implements Closeable {
nextNonWhitespace(true); nextNonWhitespace(true);
pos--; pos--;
int p = pos; if (pos + 5 > limit && !fillBuffer(5)) {
if (p + 5 > limit && !fillBuffer(5)) {
return; return;
} }
int p = pos;
char[] buf = buffer; char[] buf = buffer;
if(buf[p] != ')' || buf[p + 1] != ']' || buf[p + 2] != '}' || buf[p + 3] != '\'' || buf[p + 4] != '\n') { if(buf[p] != ')' || buf[p + 1] != ']' || buf[p + 2] != '}' || buf[p + 3] != '\'' || buf[p + 4] != '\n') {
return; // not a security token! return; // not a security token!

15
gson/src/test/java/com/google/gson/stream/JsonReaderTest.java
View File

@ -1730,6 +1730,21 @@ public final class JsonReaderTest extends TestCase {
} }
} }
/**
* Regression test for an issue with buffer filling and consumeNonExecutePrefix.
*/
public void testReadAcrossBuffers() throws IOException {
StringBuilder sb = new StringBuilder('#');
for (int i = 0; i < JsonReader.BUFFER_SIZE - 3; i++) {
sb.append(' ');
}
sb.append("\n)]}'\n3");
JsonReader reader = new JsonReader(reader(sb.toString()));
reader.setLenient(true);
JsonToken token = reader.peek();
assertEquals(JsonToken.NUMBER, token);
}
private void assertDocument(String document, Object... expectations) throws IOException { private void assertDocument(String document, Object... expectations) throws IOException {
JsonReader reader = new JsonReader(reader(document)); JsonReader reader = new JsonReader(reader(document));
reader.setLenient(true); reader.setLenient(true);