From ea81b2d25092ec03423f4d4645f64874a4c7d909 Mon Sep 17 00:00:00 2001 From: David Pollak Date: Fri, 5 Apr 2013 13:32:18 -0700 Subject: [PATCH] Addresses a data bleeding issue with lift-json --- .../scala/net/liftweb/json/JsonParser.scala | 6 ++++- .../net/liftweb/json/JsonParserSpec.scala | 22 ++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/core/json/src/main/scala/net/liftweb/json/JsonParser.scala b/core/json/src/main/scala/net/liftweb/json/JsonParser.scala index 7c3590e9ad..533a659e87 100644 --- a/core/json/src/main/scala/net/liftweb/json/JsonParser.scala +++ b/core/json/src/main/scala/net/liftweb/json/JsonParser.scala @@ -376,7 +376,11 @@ object JsonParser { } } - def near = new String(segment, (cur-20) max 0, (cur + 1) min Segments.segmentSize) + def near = { + val start = (cur - 20) max 0 + val len = ((cur + 1) min Segments.segmentSize) - start + new String(segment, start, len) + } def release = segments.foreach(Segments.release) diff --git a/core/json/src/test/scala/net/liftweb/json/JsonParserSpec.scala b/core/json/src/test/scala/net/liftweb/json/JsonParserSpec.scala index e37b3e52db..8bfeb1f03b 100644 --- a/core/json/src/test/scala/net/liftweb/json/JsonParserSpec.scala +++ b/core/json/src/test/scala/net/liftweb/json/JsonParserSpec.scala @@ -25,7 +25,18 @@ import org.scalacheck.Prop._ /** * System under specification for JSON Parser. */ -object JsonParserSpec extends Specification("JSON Parser Specification") with JValueGen with ScalaCheck { +object JsonParserSpec extends Specification with JValueGen with ScalaCheck { + + private def parseBadThing(): String = try { + parse("""{"user":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"<}""") + "x" * 1000 + } catch { + case e: Throwable => e.getMessage + } + + + "JSON Parser Specification".title + "Any valid json can be parsed" in { val parsing = (json: JValue) => { parse(Printer.pretty(render(json))); true } forAll(parsing) must pass @@ -51,6 +62,15 @@ object JsonParserSpec extends Specification("JSON Parser Specification") with JV parse("[\"abc\\\"\\\\\\/\\b\\f\\n\\r\\t\\u00a0\"]") must_== JArray(JString("abc\"\\/\b\f\n\r\t\u00a0")::Nil) } + + "Parser does not bleed prior results" in { + parse("""{"a": "now is the time for all good men to come to the aid of their dog and eat dog food with other dogs and bark and woof and do dog things. now is the time for all good men to come to the aid of their dog and eat dog food with other dogs and bark and woof and do dog things. now is the time for all good men to come to the aid of their dog and eat dog food with other dogs and bark and woof and do dog things. now is the time for all good men to come to the aid of their dog and eat dog food with other dogs and bark and woof and do dog things. now is the time for all good men to come to the aid of their dog and eat dog food with other dogs and bark and woof and do dog things. now is the time for all good men to come to the aid of their dog and eat dog food with other dogs and bark and woof and do dog things. now is the time for all good men to come to the aid of their dog and eat dog food with other dogs and bark and woof and do dog things.now is the time for all good men to come to the aid of their dog and eat dog food with other dogs and bark and woof and do dog things"}""") + + val msg = parseBadThing() + + msg.length must be_<=(50) + } + "Unclosed string literal fails parsing" in { parseOpt("{\"foo\":\"sd") mustEqual None parseOpt("{\"foo\":\"sd}") mustEqual None