Skip to content

Commit

Permalink
Incorrect recursion depth check in JSONTokener
Browse files Browse the repository at this point in the history
  • Loading branch information
@coheigea
coheigea committed Dec 5, 2022
1 parent 677aba5 commit 888eec8
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/main/java/org/codehaus/jettison/json/JSONTokener.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -426,12 +426,16 @@ public Object nextValue() throws JSONException {

protected JSONObject newJSONObject() throws JSONException {
checkRecursionDepth();
return new JSONObject(this);
JSONObject object = new JSONObject(this);

This comment has been minimized.

Sign in to view

Copy link
@Fabio1988

Fabio1988 Dec 5, 2022

@coheigea will this be released as hotfix soon?! I updated dependency and run into that issue in general :(

This comment has been minimized.

Sign in to view

Copy link
@coheigea

coheigea Dec 7, 2022

Author Contributor

@Fabio1988 1.5.3 is now released.
recursionDepth--;
return object;
}

protected JSONArray newJSONArray() throws JSONException {
checkRecursionDepth();
return new JSONArray(this);
JSONArray array = new JSONArray(this);
recursionDepth--;
return array;
}

private void checkRecursionDepth() throws JSONException {
Expand Down
6 changes: 6 additions & 0 deletions src/test/java/org/codehaus/jettison/json/JSONArrayTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,4 +63,10 @@ public void testInfiniteLoop2() {
// expected
}
}

public void testIssue52() throws JSONException {
new JSONObject().setRecursionDepthLimit(10);
new JSONArray("[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {a:10}]");
}

}

0 comments on commit 888eec8

Please sign in to comment.