Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrap StackOverflow with JSONException #660

Merged
merged 1 commit into from Jan 31, 2022
Merged

Wrap StackOverflow with JSONException #660

merged 1 commit into from Jan 31, 2022
+1,732 −4

Conversation

johnjaylward
Copy link
Contributor

@johnjaylward johnjaylward commented Jan 26, 2022
edited

Fixes #654.

This fix is mostly a mitigation in that it wraps a "Stack Overflow" into a "JSON Exception". To properly fix the issue, we would need to refactor the tokener to not be recursive and instead be iterative.

Risks

Low. Exceptions still thrown for invalid data, but StackOverflowError is now wrapped.

Changes to the API?

  1. New protected method in the JSONTokener to support look-back at the previously read token.
  2. StackOverflowErrors are now handled and re-thrown as JSONException from the JSONTokener.
  3. New parsing validation that a JSONObject has keys for embedded objects

Will this require a new release?

Yes

Should the documentation be updated?

Possibly.

Does it break the unit tests?

No. New unit tests were added to reflect the issue reported and also to support new validation for JSONObject

Was any code refactored in this commit?

no

Review status
APPROVED

@stleary stleary changed the title Issue 654 Wrap StackOverflow with JSONException to fix Issue #654 Jan 26, 2022
@stleary
Copy link
Owner

stleary commented Jan 26, 2022

Starting 3 day comment window

@stleary stleary merged commit c33ad9c into stleary:master Jan 31, 2022
@jphelp32
Copy link

@stleary Do you have plans to release a new version with this commit soon?

@beedle-
Copy link

beedle- commented Mar 17, 2022

This is reported as a HIGH vulnerabilitiy by dependencies tools such as JFrog Xray. I would appreciate a release for this fix as well. Thanks a lot

@stleary
Copy link
Owner

stleary commented Mar 17, 2022

I should be able to get it released this weekend.

@stleary stleary changed the title Wrap StackOverflow with JSONException to fix Issue #654 Wrap StackOverflow with JSONException Mar 20, 2022
@stleary
Copy link
Owner

stleary commented Mar 20, 2022

Release 20220320

erosb pushed a commit to hazelcast/hazelcast that referenced this pull request Apr 1, 2022
Bumps json schema validator to 1.14.1 (#21116)
45d0f80 
Xray found a vulnerability on json and was fixed on version 20220320. Please refer to the following links:
stleary/JSON-java#654
stleary/JSON-java#660

The new validator library depends on the fixed org.json version: https://github.com/everit-org/json-schema/releases/tag/1.14.1

Source: slack: https://hazelcast.slack.com/archives/G01LH0K3VK8/p1648714007131469
This was referenced Mar 13, 2023
Open
Open
This was referenced Mar 14, 2023
Open
Open
This was referenced Dec 21, 2022
Closed
Closed
@Sharrk7mii
Copy link

这个异常需要怎么解决呢?

This was referenced Feb 7, 2023
Open
Open
@eamonnmcmanus eamonnmcmanus mentioned this pull request Sep 21, 2023
Closed
This was referenced Jun 23, 2023
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

java.lang.StackOverflowError in org.json.JSONTokener.nextValue::JSONTokener.java:431 json-java 20210307
5 participants
@johnjaylward @stleary @jphelp32 @beedle- @Sharrk7mii