Fix trailing data accepted after top-level null

[andrewstellman]

Summary

Gson.fromJson(String/Reader, ...) and JsonParser.parseReader(Reader) documentedly reject trailing data, but both currently make an exception when the parsed top-level value is JSON null.

For non-null values, trailing data already causes a JsonSyntaxException. For top-level null, the trailing-data check is skipped:

• In Gson.java, assertFullConsumption() only peeks when the deserialized object is non-null.
• In JsonParser.java, parseReader(Reader) only peeks when the parsed JsonElement is not JsonNull.

That means inputs like null trailing are silently accepted by the high-level "consume the whole document" APIs, even though those methods document that trailing data should be rejected.

Fix

Apply the trailing-data check regardless of whether the parsed value is null, while still preserving Gson's existing backward-compatible handling of empty or whitespace-only input.

Concretely:

• remove the obj != null / !element.isJsonNull() guards
• keep using reader.peek() / jsonReader.peek() to verify END_DOCUMENT
• catch EOFException from that final peek and treat it as "input fully exhausted"

That EOFException handling is important because these APIs have long accepted empty or whitespace-only input as null / JsonNull, and this change should not alter that behavior.

This change only affects the high-level wrappers which are supposed to consume the entire document:

• Gson.fromJson(String/Reader, ...)
• JsonParser.parseReader(Reader)

The lower-level streaming entry points:

• Gson.fromJson(JsonReader, ...)
• JsonParser.parseReader(JsonReader)

intentionally allow trailing data and are unchanged.

Example

Gson gson = new Gson();

// Already rejected before this change
gson.fromJson("\"hello\" trailing", String.class); // JsonSyntaxException

// Previously accepted because top-level null skipped the full-consumption check
gson.fromJson("null trailing", String.class); // returned null

// After this change, top-level null is treated the same as any other value
gson.fromJson("null trailing", String.class); // JsonSyntaxException

Tests

Three regression tests cover the affected high-level APIs:

• GsonTest.testFromJsonRejectsTrailingDataAfterNull_String
• GsonTest.testFromJsonRejectsTrailingDataAfterNull_Reader
• JsonParserTest.testParseReaderRejectsTrailingDataAfterNull

The String overload test and the JsonParser test also verify the existing non-null baseline ("hello" trailing) still throws.

Focused compatibility checks also confirm that the fix preserves accepted empty-input behavior:

• JsonParserTest.testParseEmptyWhitespaceInput
• ObjectTest.testEmptyStringDeserialization

A clean full gson module test run passes with:

mvn -pl gson clean test

[eamonnmcmanus]

(Just an update here. I tried running this past Google's internal tests and I did encounter at least one failure. Unfortunately debugging the failure was not straightforward so I don't yet know if this is something that really would be affected by the behaviour change.)