OOM Risk Due to Lack of Maximum Length Check in JSON Parsing #130

Closed
testmigrator opened this issue Mar 6, 2025 · 1 comment

Comments

@testmigrator

While testing the parsing of large integer strings, I discovered that the current implementation of JsonParser does not enforce a maximum length check for parsed strings. This can lead to Out-Of-Memory (OOM) errors when parsing excessively large inputs.

```java
@Test
public void testIntegerStringExceedingMaxLength() {
    int maxStrDigits = 20000000;

    // Construct a string that represents an integer with a length exceeding the maximum allowed limit.
    StringBuilder largeIntStringBuilder = new StringBuilder("1");
    for (int i = 0; i < maxStrDigits - 1; i++) {
        largeIntStringBuilder.append("0");
    }
    String largeIntString = largeIntStringBuilder.toString();

    // Attempt to parse the constructed string as JSON.
    JsonParser.JsonParserContext parserContext = new JsonParser.JsonParserContext(Object.class).withLazyNumbers();
    try {
        Object from = parserContext.from(largeIntString);
        fail("A ValueError should be raised because the integer string exceeds the maximum allowed length.");
    } catch (JsonParserException e) {
        // Expected behavior: An exception should be thrown to indicate the input exceeds the maximum allowed length.
    }
}
```

Expected Behavior:

The JsonParser should enforce a maximum length check for parsed strings. If the input exceeds the allowed length, a JsonParserException should be thrown to prevent OOM errors.

Actual Behavior:

The JsonParser attempts to parse the excessively large string, which can trigger an OOM error, regardless of the length of the input.

Proposed Solution:

Introduce a configurable maximum length limit for parsed strings in the JsonParser. If the input exceeds this limit, a JsonParserException should be thrown with a descriptive error message. This would prevent OOM errors and improve the robustness of the parser.

@mmastrac closed this as not planned Mar 6, 2025
@testmigrator
Author

I’m working on a test migration experiment, and this test is one I’ve migrated from Gson. To save your time, could you simply confirm if the library indeed has this potential risk?

This is really important to me, and I’d truly appreciate your feedback. Thank you so much again for your time and support!
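
One way to enforce the kind of limit proposed in this issue from the caller's side, as an added example that is not code from the project or from either participant. The class name `BoundedJsonInput` and both limit values are hypothetical, and it assumes the parser in use can read from a `java.io.Reader`.

```java
import java.io.FilterReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

/** Hypothetical guard (not part of the library): caps total input size and digit-run length. */
public class BoundedJsonInput extends FilterReader {
    private final long maxChars;
    private final int maxNumberDigits;
    private long total;
    private int digitRun;

    public BoundedJsonInput(Reader in, long maxChars, int maxNumberDigits) {
        super(in);
        this.maxChars = maxChars;
        this.maxNumberDigits = maxNumberDigits;
    }

    @Override
    public int read() throws IOException {
        int c = super.read();
        if (c >= 0) check((char) c);
        return c;
    }

    @Override
    public int read(char[] buf, int off, int len) throws IOException {
        int n = super.read(buf, off, len);
        for (int i = 0; i < n; i++) check(buf[off + i]);
        return n;
    }
    // Conservative: digit runs inside string literals are counted as well.
    private void check(char c) throws IOException {
        if (++total > maxChars)
            throw new IOException("JSON input exceeds " + maxChars + " characters");
        digitRun = (c >= '0' && c <= '9') ? digitRun + 1 : 0;
        if (digitRun > maxNumberDigits)
            throw new IOException("digit run exceeds " + maxNumberDigits + " characters");
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: "1" followed by zeros, shaped like the issue's test but much shorter.
        String big = "1" + "0".repeat(5_000);
        try (Reader r = new BoundedJsonInput(new StringReader(big), 1_000_000, 1_000)) {
            char[] buf = new char[512];
            while (r.read(buf, 0, buf.length) != -1) { /* a parser would consume here */ }
            System.out.println("accepted");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The guard rejects the stream as soon as a limit is crossed, so the parser never buffers the full oversized token; it does not override `skip()`, so a consumer that skips characters bypasses the count.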
