Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Revisions: Issue #37135 Back to Issue ]
Summary 0037135: OOM parsing corrupted JSON
Revision 2017-10-20 13:59 by alostale
Description When a corrupted JSON string is parsed to instantiate a JSONObject, an OOM Exception can be thrown.

Even it is very unlikely this to happen because the string must be corrupted in a very particular manner, it can occur when data is sent from client to server.

This is an issue in current version (1.3) of jettison library that is fixed in newer versions [1].

---
[1] https://github.com/jettison-json/jettison/commit/334f9ba080784b65da5 [^]
Revision 2017-10-20 13:54 by alostale
Description When a corrupted JSON string is parsed to instantiate a JSONObject, an OOM Exception can be thrown.

Even it is very unlikely this to happen because the string must be corrupted in a very particular manner, it can occur when data is sent from client to server.
Revision 2017-10-20 13:54 by alostale
Steps To Reproduce Cannot reproduce consistently in real life as a JSON string representation must be corrupted in a specific way.

Execute:
    String corruptedJSON = "{\"data\":[{},";
    new JSONObject(corruptedJSON);


You get:
java.lang.OutOfMemoryError: Java heap space
    at java.util.Arrays.copyOf(Arrays.java:3210)
    at java.util.Arrays.copyOf(Arrays.java:3181)
    at java.util.ArrayList.grow(ArrayList.java:261)
    at java.util.ArrayList.ensureExplicitCapacity(ArrayList.java:235)
    at java.util.ArrayList.ensureCapacityInternal(ArrayList.java:227)
    at java.util.ArrayList.add(ArrayList.java:458)
    at org.codehaus.jettison.json.JSONArray.<init>(JSONArray.java:107)
    at org.codehaus.jettison.json.JSONTokener.nextValue(JSONTokener.java:313)
    at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:195)
    at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:266)
    at LoadJson.main(LoadJson.java:17)
Revision 2017-10-20 13:54 by alostale
Steps To Reproduce Cannot reproduce consistently in real life as a JSON string representation must be corrupted in a specific way.

Execute:
<code>
    String corruptedJSON = "{\"data\":[{},";
    new JSONObject(corruptedJSON);
</code>

You get:
<code>
java.lang.OutOfMemoryError: Java heap space
    at java.util.Arrays.copyOf(Arrays.java:3210)
    at java.util.Arrays.copyOf(Arrays.java:3181)
    at java.util.ArrayList.grow(ArrayList.java:261)
    at java.util.ArrayList.ensureExplicitCapacity(ArrayList.java:235)
    at java.util.ArrayList.ensureCapacityInternal(ArrayList.java:227)
    at java.util.ArrayList.add(ArrayList.java:458)
    at org.codehaus.jettison.json.JSONArray.<init>(JSONArray.java:107)
    at org.codehaus.jettison.json.JSONTokener.nextValue(JSONTokener.java:313)
    at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:195)
    at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:266)
    at LoadJson.main(LoadJson.java:17)
</code>


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker