Summary | 0037135: OOM parsing corrupted JSON | ||
Revision | 2017-10-20 13:59 by alostale | ||
Description | When a corrupted JSON string is parsed to instantiate a JSONObject, an OOM Exception can be thrown. Even though this is very unlikely to happen, because the string must be corrupted in a very particular manner, it can occur when data is sent from client to server.
This is an issue in the current version (1.3) of the jettison library that is fixed in newer versions [1].
---
[1] https://github.com/jettison-json/jettison/commit/334f9ba080784b65da5 |
||
Revision | 2017-10-20 13:54 by alostale | ||
Description | When a corrupted JSON string is parsed to instantiate a JSONObject, an OOM Exception can be thrown. Even though this is very unlikely to happen, because the string must be corrupted in a very particular manner, it can occur when data is sent from client to server. |
||
Revision | 2017-10-20 13:54 by alostale | ||
Steps To Reproduce | Cannot reproduce consistently in real life as a JSON string representation must be corrupted in a specific way.
Execute:
  String corruptedJSON = "{\"data\":[{},";
  new JSONObject(corruptedJSON);
You get:
  java.lang.OutOfMemoryError: Java heap space
    at java.util.Arrays.copyOf(Arrays.java:3210)
    at java.util.Arrays.copyOf(Arrays.java:3181)
    at java.util.ArrayList.grow(ArrayList.java:261)
    at java.util.ArrayList.ensureExplicitCapacity(ArrayList.java:235)
    at java.util.ArrayList.ensureCapacityInternal(ArrayList.java:227)
    at java.util.ArrayList.add(ArrayList.java:458)
    at org.codehaus.jettison.json.JSONArray.<init>(JSONArray.java:107)
    at org.codehaus.jettison.json.JSONTokener.nextValue(JSONTokener.java:313)
    at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:195)
    at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:266)
    at LoadJson.main(LoadJson.java:17) |
||
Revision | 2017-10-20 13:54 by alostale | ||
Steps To Reproduce | Cannot reproduce consistently in real life as a JSON string representation must be corrupted in a specific way.
Execute:
<code>
String corruptedJSON = "{\"data\":[{},";
new JSONObject(corruptedJSON);
</code>
You get:
<code>
java.lang.OutOfMemoryError: Java heap space
  at java.util.Arrays.copyOf(Arrays.java:3210)
  at java.util.Arrays.copyOf(Arrays.java:3181)
  at java.util.ArrayList.grow(ArrayList.java:261)
  at java.util.ArrayList.ensureExplicitCapacity(ArrayList.java:235)
  at java.util.ArrayList.ensureCapacityInternal(ArrayList.java:227)
  at java.util.ArrayList.add(ArrayList.java:458)
  at org.codehaus.jettison.json.JSONArray.<init>(JSONArray.java:107)
  at org.codehaus.jettison.json.JSONTokener.nextValue(JSONTokener.java:313)
  at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:195)
  at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:266)
  at LoadJson.main(LoadJson.java:17)
</code> |
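Added example, not part of the original report and not jettison or project code: a pre-parse check that rejects truncated payloads, such as the corruptedJSON string in the steps to reproduce, before they are handed to new JSONObject(...) on a jettison version that has not been upgraded. The class and method names are hypothetical, and the check assumes double-quoted string literals only; it tests bracket closure and is not a full JSON validator.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/** Hypothetical guard for client-supplied JSON; names are assumptions for illustration. */
public final class JsonTruncationGuard {

    /**
     * Returns true when every '{' and '[' found outside a string literal is closed
     * in the right order and no string literal is left open at end of input.
     */
    public static boolean isStructurallyClosed(String text) {
        Deque<Character> expectedClosers = new ArrayDeque<>();
        boolean inString = false;
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (inString) {
                if (c == '\\') {
                    i++;                       // skip the escaped character
                } else if (c == '"') {
                    inString = false;
                }
                continue;                      // brackets inside strings do not count
            }
            switch (c) {
                case '"': inString = true; break;
                case '{': expectedClosers.push('}'); break;
                case '[': expectedClosers.push(']'); break;
                case '}':
                case ']':
                    // A closer with nothing open, or the wrong closer, is malformed.
                    if (expectedClosers.isEmpty() || expectedClosers.pop() != c) {
                        return false;
                    }
                    break;
                default: break;
            }
        }
        return !inString && expectedClosers.isEmpty();
    }

    public static void main(String[] args) {
        String corruptedJSON = "{\"data\":[{},";            // string from the report
        String intact = "{\"data\":[{},{\"k\":\"]\"}]}";     // constructed sample
        System.out.println("corrupted accepted: " + isStructurallyClosed(corruptedJSON));
        System.out.println("intact accepted:    " + isStructurallyClosed(intact));
    }
}
```

Call isStructurallyClosed on the request body and return a client error when it is false, so the unbounded allocation in the parser is never reached for input cut off mid-array.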