Skip to content

Commit

Permalink
Fix missing bounds checks for JsonTreeReader.getPath() (#2001)
Browse files Browse the repository at this point in the history
There are situations where the stack of JsonTreeReader contains a JsonArray
or JsonObject without a subsequent Iterator, for example after calling peek()
or nextName().
When JsonTreeReader.getPath() is called afterwards it therefore must not
assume that a JsonArray or JsonObject is always followed by an Iterator.

The only reason why this never caused an ArrayIndexOutOfBoundsException in
the past is because the stack has an even default size (32) so it would just
have read the next `null`.
However, if the stack had for example the default size 31, a user created a
JsonTreeReader for 16 JSON arrays nested inside each other, then called 15
times beginArray(), followed by peek() and getPath() the exception would
occur.
  • Loading branch information
Marcono1234 authored Oct 25, 2021
1 parent ca1df7f commit ba96d53
Showing 1 changed file with 2 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -308,11 +308,11 @@ private void push(Object newTop) {
StringBuilder result = new StringBuilder().append('$');
for (int i = 0; i < stackSize; i++) {
if (stack[i] instanceof JsonArray) {
if (stack[++i] instanceof Iterator) {
if (++i < stackSize && stack[i] instanceof Iterator) {
result.append('[').append(pathIndices[i]).append(']');
}
} else if (stack[i] instanceof JsonObject) {
if (stack[++i] instanceof Iterator) {
if (++i < stackSize && stack[i] instanceof Iterator) {
result.append('.');
if (pathNames[i] != null) {
result.append(pathNames[i]);
Expand Down

0 comments on commit ba96d53

Please sign in to comment.