修复JSONUtil.parse()溢出问题

2025-04-19 03:01:48 +08:00 · 2023-09-05 14:32:41 +08:00 · 2023-09-05 14:32:41 +08:00 · b6944fd18d
commit b6944fd18d
parent 9c51a71e20
4 changed files with 15 additions and 11 deletions
--- a/hutool-json/src/main/java/org/dromara/hutool/json/JSONParser.java
+++ b/hutool-json/src/main/java/org/dromara/hutool/json/JSONParser.java
@ -84,7 +84,7 @@ public class JSONParser {
 					}
 				default:
 					tokener.back();
-					key = tokener.nextValue().toString();
+					key = tokener.nextValue(true).toString();
 			}

 			// The key is followed by ':'.
@ -94,7 +94,7 @@ public class JSONParser {
 				throw tokener.syntaxError("Expected a ':' after a key");
 			}

-			jsonObject.set(key, tokener.nextValue(), predicate);
+			jsonObject.set(key, tokener.nextValue(false), predicate);

 			// Pairs are separated by ','.

@ -136,7 +136,7 @@ public class JSONParser {
 					jsonArray.addRaw(null, predicate);
 				} else {
 					x.back();
-					jsonArray.addRaw(x.nextValue(), predicate);
+					jsonArray.addRaw(x.nextValue(false), predicate);
 				}
 				switch (x.nextClean()) {
 					case CharUtil.COMMA:
--- a/hutool-json/src/main/java/org/dromara/hutool/json/JSONTokener.java
+++ b/hutool-json/src/main/java/org/dromara/hutool/json/JSONTokener.java
@ -345,15 +345,16 @@ public class JSONTokener extends ReaderWrapper {
 	 * @return Boolean, Double, Integer, JSONArray, JSONObject, Long, or String
 	 * @throws JSONException 语法错误
 	 */
-	public Object nextValue() throws JSONException {
+	public Object nextValue(final boolean getOnlyStringValue) throws JSONException {
 		char c = this.nextClean();
-		final String string;
-
 		switch (c) {
 			case '"':
 			case '\'':
 				return this.nextString(c);
 			case '{':
+				if(getOnlyStringValue){
+					throw this.syntaxError("String value must not begin with '{'");
+				}
 				this.back();
 				try {
 					return new JSONObject(this, this.config);
@ -361,6 +362,9 @@ public class JSONTokener extends ReaderWrapper {
 					throw new JSONException("JSONObject depth too large to process.", e);
 				}
 			case '[':
+				if(getOnlyStringValue){
+					throw this.syntaxError("String value must not begin with '['");
+				}
 				this.back();
 				try {
 					return new JSONArray(this, this.config);
@ -382,11 +386,11 @@ public class JSONTokener extends ReaderWrapper {
 		}
 		this.back();

-		string = sb.toString().trim();
-		if (0 == string.length()) {
+		final String valueString = sb.toString().trim();
+		if (valueString.isEmpty()) {
 			throw this.syntaxError("Missing value");
 		}
-		return InternalJSONUtil.stringToValue(string);
+		return getOnlyStringValue ? valueString : InternalJSONUtil.stringToValue(valueString);
 	}

 	/**
--- a/hutool-json/src/main/java/org/dromara/hutool/json/convert/JSONConverter.java
+++ b/hutool-json/src/main/java/org/dromara/hutool/json/convert/JSONConverter.java
@ -154,7 +154,7 @@ public class JSONConverter implements Converter {
 					return new JSONObject(jsonStr, config);
 				default:
 					// RFC8259，JSON字符串值、number, boolean, or null
-					final Object value = new JSONTokener(jsonStr, config).nextValue();
+					final Object value = new JSONTokener(jsonStr, config).nextValue(false);
 					if(ObjUtil.equals(value, jsonStr)){
 						// 原值返回，意味着非正常数字、Boolean或null
 						throw new JSONException("Unsupported JSON String: {}", jsonStr);
--- a/hutool-json/src/test/java/org/dromara/hutool/json/Issue3289Test.java
+++ b/hutool-json/src/test/java/org/dromara/hutool/json/Issue3289Test.java
@ -7,7 +7,7 @@ public class Issue3289Test {
 	@Test
 	void parseTest() {
 		Assertions.assertThrows(JSONException.class, () -> {
-			final String s = "{\"G\":00,[,,[0E5,6E9,6E5,6E9,6E5,6E9,6E5,6E9,6E9,6E5,true,6E5,6E9,6E5,6E9,6956,EE,5E9,6E5,RE,6E9,6E9,6E5,6E9,6E5,6E9,6E5,6E9,6E5,6E962756779,4141697],]}";
+			String s = "{\"G\":00,[6E962756779]}";
 			JSONUtil.parse(s);
 		});
 	}