Issue 19: Gson should handle stack overflow and other errors happening from parsing untrusted JSON
Status:  Duplicate
Owner:  inder123
Closed:  Jul 2008
Cc:  mede...@gmail.com


Project Member Reported by inder123, Jul 8, 2008
(reported by Meder):

    perl -e 'print "{\"a\":[],\"a\":" x 2000'
    perl -e 'print "{\"a\":[],\""; print "X" x 6000;'

to generate really large JSON and feed it to Gson. Gson brings down the JVM
with a stack overflow error.
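An added example (not Gson project code and not the r117 fix) showing the defensive check an application can put in front of `fromJson` for untrusted input: it walks the document with Gson's streaming `JsonReader` (available since Gson 1.6, so it postdates this report) using an explicit depth counter instead of recursion, and rejects the input as soon as nesting passes an assumed bound, so a document shaped like the perl one-liner above never reaches a recursive parse. `NestingGuard`, `MAX_DEPTH` and the constructed inputs in `main` are assumptions.

```java
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonToken;
import java.io.IOException;
import java.io.StringReader;

/** Rejects untrusted JSON whose nesting exceeds a fixed bound before it reaches a recursive parser. */
public final class NestingGuard {
  // Assumed bound; choose it from what your own data model can legitimately need.
  static final int MAX_DEPTH = 64;

  /**
   * Walks the document with the streaming JsonReader (no recursion, explicit counter)
   * and returns false as soon as nesting exceeds MAX_DEPTH or the input is malformed.
   */
  static boolean withinDepth(String json) {
    try (JsonReader reader = new JsonReader(new StringReader(json))) {
      int depth = 0;
      while (true) {
        switch (reader.peek()) {
          case BEGIN_ARRAY:  reader.beginArray();  depth++; break;
          case BEGIN_OBJECT: reader.beginObject(); depth++; break;
          case END_ARRAY:    reader.endArray();    depth--; break;
          case END_OBJECT:   reader.endObject();   depth--; break;
          case NAME:         reader.nextName();             break;
          case END_DOCUMENT: return true;
          default:           reader.skipValue();            break; // string, number, boolean, null
        }
        if (depth > MAX_DEPTH) {
          return false; // stop early: the rest of the input is never read
        }
      }
    } catch (IOException e) {
      return false; // truncated or otherwise malformed input is rejected as well
    }
  }

  public static void main(String[] args) {
    // Constructed inputs: the same shape as the perl one-liner in the report, plus a benign one.
    StringBuilder deep = new StringBuilder();
    for (int i = 0; i < 2000; i++) {
      deep.append("{\"a\":[],\"a\":");
    }
    System.out.println("deep document accepted? " + withinDepth(deep.toString()));
    System.out.println("benign document accepted? "
        + withinDepth("{\"message\":\"ok\",\"stackTrace\":\"x\"}"));
  }
}
```

Only a document that passes `withinDepth` is handed to `gson.fromJson`; the check reads the input once more, but stops at the first violation and never buffers it as a tree.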
Jul 8, 2008
Project Member #1 inder123
(No comment was entered for this change.)
Cc: meder.k
Jul 16, 2008
Project Member #2 inder123
Here is a test that will reproduce this problem. On the positive side, Gson is able
to handle individual strings up to 103kb on my machine.

import com.google.gson.Gson;
import junit.framework.TestCase;

// The enclosing test class, the Gson instance and the ExceptionHolder type were not
// part of the posted snippet; they are filled in here so the method compiles stand-alone.
public class ReallyLongStringsTest extends TestCase {
  private final Gson gson = new Gson();

  /** Target type implied by the assertions below: the two JSON fields map onto these names. */
  private static class ExceptionHolder {
    String message;
    String stackTrace;
  }

  public void testReallyLongStrings() {
    // Build one realistic stack trace, then repeat it to reach the length that overflows the parser.
    StringBuilder sb = new StringBuilder(8096);
    sb.append("com.codegoogle.gson.gks.anon.GksDataNotFoundException: Instrument 10 not found.\n");
    sb.append("\tat com.codegoogle.gson.common.backend.reflect.Instrument.load(Instrument.java");
    sb.append(":135)\n\tat com.codegoogle.gson.common.entities.InstrumentFactoryImpl$1.run(Ins");
    sb.append("trumentFactoryImpl.java:70)\n\tat com.codegoogle.gson.common.InstrumentFactory");
    sb.append("Impl$1.run(InstrumentFactoryImpl.java:98)\n\tat com.codegoogle.gson.common.base.");
    sb.append("CbgRunnableToGksRunnableAdapter.run(CbgRunnableToGksRunnableAdapter.java:32)\n\t");
    sb.append("at com.codegoogle.gson.anon.GksConnManager.run(GksConnectionManager.java:15)\n\t");
    sb.append("at com.codegoogle.gson.common.entities.NonTransactionalRunner.run(NonTransactional");
    sb.append("Runner.java:4544)\n\tat com.codegoogle.gson.common.base.ConnectionContextSwitch");
    sb.append("er$1.run(ConnectionSwitcher.java:20)\n\tat com.codegoogle.gson.anon.GksConnecti");
    sb.append("onManager.run(GksConnectionManager.java:65)\n\tat com.codegoogle.gson.common.base");
    sb.append(".ConnectionContextSwitcher.run(ConnectionContextSwitcher.java:2238)\n\tat com");
    sb.append(".google.common.entities.base.SierraContext.runNonTransactionalOnReplica(Sierra");
    sb.append("Context.java:60)\n\tat com.codegoogle.gson.common.InstrumentFactoryImpl.getIns");
    sb.append("(InstrumentFactoryImpl.java:7)\n\tat com.codegoogle.gson.common.webservice.buyer");
    sb.append(".facades.common.BuyerFacadecommon.getDomainInstrument(BuyerFacadecommon.jav");
    sb.append("a:183)\n\tat com.codegoogle.gson.common.buyer.facades.common.CartFacadePaym");
    sb.append("ents.update(CartFacadecommon.java:39)\n\tat com.codegoogle.gson.common.buy");
    sb.append("er.facades.common.CartFacadecommon.update(CartFacadecommon.java:2415)\n\t");
    sb.append("at com.codegoogle.gson.common.webservice.buyer.facades.common.CartFacadecommo.upda");
    sb.append("te(CartFacadecommon.java:2053)\n\tat com.codegoogle.gson.common.buyer.web.B");
    sb.append("uyerWebServiceCartPagelet.executePut(BuyerWebServiceCartPagelet.java:48)\n\t");
    sb.append("at com.codegoogle.gson.common.webservice.buyer.web.CartPagelet.onPostCar");
    sb.append("tSelections(BuyerWebServiceCartPagelet.java:12)\n\tat sun.reflect.NativeMethodAc");
    sb.append("cessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.inv");
    sb.append("oke(Unknown Source)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknow");
    sb.append("n Source)\n\tat java.lang.reflect.Method.invoke(Unknown Source)\n\tat com.gson");
    sb.append(".web.pagelets.di.ObjectDriver$MethodInvoker.invoke(ObjectDriver.java:86)\n\t");
    sb.append("at com.codegoogle.gson.web.di.ObjectDriver.execute(ObjectDriver.java:155)\n\t");
    sb.append("at com.codegoogle.gson.web.ReflectorPageletDriver.invokeExecuteOrOnEvent(Reflect");
    sb.append("orPageletDriver.java:84)\n\tat com.codegoogle.gson.web.ReflectorPageletDriver.ex");
    sb.append("ecute(ReflectorPageletDriver.java:54)\n\tat com.codegoogle.gson.web.DelegatingPa");
    sb.append("geletDriver.execute(DelegatingPageletDriver.java:20)\n\tat com.codegoogle.gson.w");
    sb.append("ebservice.buyer.web.BuyerTosPageletDriver.execute(BuyerTosPageletDriver.java:44)");
    sb.append("\n\tat com.codegoogle.gson.web.DelegatingPageletDriver.execute(DelegatingPagelet");
    sb.append("Driver.java:20)\n\tat com.codegoogle.gson.common.webservice.web.BuyerAuthenticati");
    sb.append("onPageletDriver.execute(BuyerAuthenticationPageletDriver.java:58)\n\tat com.goog");
    sb.append("le.web.pagelets.DelegatingPageletDriver.execute(DelegatingPageletDriver.java:20)");
    sb.append("\n\tat com.codegoogle.gson.common.apps.common.DbTransactionPageletDriver.access");
    sb.append("$001(DbTransactionPageletDriver.java:17)\n\tat com.codegoogle.gson.apps.common.p");
    sb.append("agelet.DbTransactionPageletDriver$1.run(DbTransactionPageletDriver.java:28)\n\t");
    sb.append("at com.codegoogle.gson.common.apps.common.DbTransactionPageletDriver$1.run(DbTr");
    sb.append("ansactionPageletDriver.java:26)\n\tat com.codegoogle.gson.common.base.Transact");
    sb.append("ionalRunner$Wrapper.run(TransactionalRunner.java:64)\n\tat com.codegoogle.gson.");
    sb.append("common.entities.base.GksTransactionBodyAdapter.run(GksTransactionBodyAdapter.j");
    sb.append("ava:56)\n\tat com.codegoogle.gson.GksConnectionManager.runTransaction(GksConnecti");
    sb.append("onManager.java:1040)\n\tat com.codegoogle.gson.GksConnectionManager.runTransactio");
    sb.append("n(GksConnectionManager.java:961)\n\tat com.codegoogle.gson.common.base.Transac");
    sb.append("tionalRunner.newTransaction(TransactionalRunner.java:224)\n\tat com.gson.payme");
    sb.append("nts.entities.base.TransactionalRunner.run(TransactionalRunner.java:134)\n\tat co");
    sb.append("m.google.common.entities.base.ConnectionContextSwitcher$1.run(ConnectionContex");
    sb.append("tSwitcher.java:90)\n\tat com.codegoogle.gson.GksConnectionManager.run(GksConnecti");
    sb.append("onManager.java:615)\n\tat com.codegoogle.gson.common.base.ConnectionContextSwi");
    sb.append("tcher.run(ConnectionContextSwitcher.java:78)\n\tat com.codegoogle.gson.common.");
    sb.append("SierraContext.runPrimary(SierraContext.java:373)\n\tat com.codegoogle.gson.common.");
    sb.append("apps.common.pagelet.DbTransactionPageletDriver.execute(DbTransactionPageletDrive");
    sb.append("r.java:26)\n\tat com.codegoogle.gson.web.DelegatingPageletDriver.execute(Delegat");
    sb.append("ingPageletDriver.java:20)\n\tat com.codegoogle.gson.web.DelegatingPageletDriver.");
    sb.append("execute(DelegatingPageletDriver.java:20)\n\tat com.codegoogle.gson.common.bu");
    sb.append("yer.web.BuyerWebServiceErrorPageletDriver.execute(BuyerWebServiceErrorPageletDri");
    sb.append("ver.java:42)\n\tat com.codegoogle.gson.web.PageletServletAdapterWithoutScope.ser");
    sb.append("vice(PageletServletAdapterWithoutScope.java:58)\n\tat com.codegoogle.gson.web.Pa");
    sb.append("geletServletAdapter2.service(PageletServletAdapter2.java:52)\n\tat javax.servlet");
    sb.append(".HttpServlet.service(HttpServlet.java:102)\n\tat com.codegoogle.gson.FilteredSer");
    sb.append("vlet$ChainEnd.doFilter(FilteredServlet.java:133)\n\tat com.codegoogle.gson.common");
    sb.append(".monitorableservices.web.pagelets.LocaleContextFilter.doFilter(LocaleContextFil");
    sb.append("ter.java:72)\n\tat com.codegoogle.gson.FilteredSt$Chain.doFilter(FilteredServlet");
    sb.append(".java:131)\n\tat com.codegoogle.gson.common.apps.DatabaseFilter.doFilter(Data");
    sb.append("baseFilter.java:31)\n\tat com.codegoogle.gson.FilteredSet$Chain.doFilter(Filtered");
    sb.append("Servlet.java:131)\n\tat com.codegoogle.gson.common.apps.StatsFilter.doFilter(");
    sb.append("StatsFilter.java:75)\n\tat com.codegoogle.gson.FilteredSet$Chain.doFilter(Filtere");
    sb.append("dServlet.java:131)\n\tat com.codegoogle.gson.common.apps.LoggingFilter.doFilt");
    sb.append("er(LoggingFilter.java:31)\n\tat com.codegoogle.FilteredServlet$Chain.doFilter(Fi");
    sb.append("lteredServlet.java:131)\n\tat com.codegoogle.gson.di.guice.GuiceFilter.doFil");
    sb.append("ter(GuiceFilter.java:419)\n\tat com.codegoogle.FilteredServlet$Chain.doFilter(Fil");
    sb.append("teredServlet.java:13)\n\tat com.codegoogle.FilteredServlet.service(FilteredServ");
    sb.append("let.java:103)\n\tat com.codegoogle.HttpConnection.runServlet(HttpConnection.java");
    sb.append(":65)\n\tat com.codegoogle.HttpConnection.run(HttpConnection.java:275)\n\tat com");
    sb.append(".codegoogle.parser.DispatchQueue$WorkerThread.run(DispatchQueue.java:3139)\n");

    // Repeat the trace so the string value grows to roughly 18 times the single trace.
    String initialStackTrace = sb.toString();
    for (int i = 1; i < 18; ++i) {
      sb.append(initialStackTrace);
    }
    String stackTrace = sb.toString();
    System.out.println("length at which Gson causes stack overflow errors: "
        + stackTrace.length());
    // Embed the long string as a single JSON string value and parse it back.
    String json = "{\"message\":\"Instrument 10 not found.\","
        + "\"stackTrace\":\"" + stackTrace + "\"}";
    ExceptionHolder target = gson.fromJson(json, ExceptionHolder.class);
    assertTrue(target.message.contains("Instrument"));
    assertTrue(target.stackTrace.contains("DispatchQueue"));
  }
}
Jul 17, 2008
Project Member #3 inder123
r116 includes a test that can reproduce this bug.
Jul 17, 2008
Project Member #4 inder123
Fixed in r117
Status: Fixed
Oct 14, 2008
Project Member #5 inder123
This is a duplicate of Issue 47
https://code.google.com/p/google-gson/issues/detail?id=47
Status: Duplicate