johnzon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anders Rundgren <anders.rundgren....@gmail.com>
Subject Re: [jira] [Commented] (JOHNZON-177) Deserialization of numbers can produce overflows and underflows
Date Mon, 07 Jan 2019 21:17:29 GMT
On 2019-01-07 22:14, Mark Struberg (JIRA) wrote:
> 
>      [ https://issues.apache.org/jira/browse/JOHNZON-177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16736357#comment-16736357
]
> 
> Mark Struberg commented on JOHNZON-177:
> ---------------------------------------
> 
> Hi [~jwcarman]!
> It was clarified with the EG that the current spec does simply not fully embrace the
JSON specification.
> See the link to the EG discussion I posted above. Still needs to get clarified how it
should behave exactly in the future.

Indeed:
https://github.com/eclipse-ee4j/jsonb-api/issues/112

Anders

> 
>> Deserialization of numbers can produce overflows and underflows
>> ---------------------------------------------------------------
>>
>>                  Key: JOHNZON-177
>>                  URL: https://issues.apache.org/jira/browse/JOHNZON-177
>>              Project: Johnzon
>>           Issue Type: Bug
>>     Affects Versions: 1.1.8
>>             Reporter: Markus Bruckner
>>             Assignee: Mark Struberg
>>             Priority: Minor
>>              Fix For: 1.1.11
>>
>>
>> Given the following json:
>>   
>> {code:java}
>> {
>>      "value": 2147483648
>> }{code}
>> and the following dto:
>>   
>> {code:java}
>> public class IntContainer {
>>      private int value;
>>      public void setValue(int value) { this.value = value; }
>>      public int getValue() { return value; }
>> }{code}
>> When I try to parse the json in the dto, the value overflows and is deserialized
as negative value (or vice versa, if too large a negative number is used).
>> Failing test case:
>>   
>> {code:java}
>> @Test
>> public void shouldNotAcceptOutOfBoundsValue() {
>>    String json = "{ \"value\": 2147483648 }";
>>    Jsonb jsonb = JsonbProvider.provider().create().build();
>>    IntContainer intContainer = jsonb.fromJson(json, IntContainer.class);
>>    LOG.debug("deserialized value: {}", intContainer.getValue());
>>    Assert.fail("should throw instead of wrapping the value in negative area");
>> }{code}
>>   
>> Log output is:
>>   
>> {noformat}
>> SerializationTest deserialized value: -2147483648{noformat}
>>   
>> The expected behavior would probably be an Exception if the number exceeds the bounds
of the type of the field that the value should be deserialized into (byte, short, int, or
long).
>>   
>> As additional info, because we researched this when confronted with this problem
initially (with type int): Applying ijson-strict (rfc7493) doesn't help in this situation
since there are values that are allowed by the ijson rfc and still over-/underflow a 32-bit
integer (and it would further require us to transmit long values as string).
>> Boundaries:
>>   * 2147483647 max value of signed 32bit integer
>>   * 9007199254740991 > ijson maxvalue: "senders cannot expect receivers to parse
numbers larger than..."
>>   * 9223372036854775807 64b integer
> 
> 
> 
> --
> This message was sent by Atlassian JIRA
> (v7.6.3#76005)
> 


Mime
View raw message