Add protection against StackOverflowError in JsonValueWriter

nosan · nosan · commit 1777be414534 · 2025-03-06T18:27:11.000+02:00
This commit adds validation for the maximum JSON nesting depth in
the JsonValueWriter. This helps prevent StackOverflowError that can
potentially occur due to excessive recursion when dealing with deeply
nested JSON structures.

Signed-off-by: Dmytro Nosan &lt;dimanosan@gmail.com&gt;
diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/json/JsonValueWriter.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/json/JsonValueWriter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,8 +46,12 @@
  */
 class JsonValueWriter {
 
+	private static final int DEFAULT_MAX_NESTING_DEPTH = 1000;
+
 	private final Appendable out;
 
+	private final int maxNestingDepth;
+
 	private MemberPath path = MemberPath.ROOT;
 
 	private final Deque<JsonWriterFiltersAndProcessors> filtersAndProcessors = new ArrayDeque<>();
@@ -59,7 +63,18 @@ class JsonValueWriter {
 	 * @param out the {@link Appendable} used to receive the JSON output
 	 */
 	JsonValueWriter(Appendable out) {
+		this(out, DEFAULT_MAX_NESTING_DEPTH);
+	}
+
+	/**
+	 * Create a new {@link JsonValueWriter} instance.
+	 * @param out the {@link Appendable} used to receive the JSON output
+	 * @param maxNestingDepth the maximum allowed nesting depth for JSON objects and
+	 * arrays
+	 */
+	JsonValueWriter(Appendable out, int maxNestingDepth) {
 		this.out = out;
+		this.maxNestingDepth = maxNestingDepth;
 	}
 
 	void pushProcessors(JsonWriterFiltersAndProcessors jsonProcessors) {
@@ -140,6 +155,7 @@ else if (value instanceof Number || value instanceof Boolean) {
 	 */
 	void start(Series series) {
 		if (series != null) {
+			validateNestingDepth();
 			this.activeSeries.push(new ActiveSeries(series));
 			append(series.openChar);
 		}
@@ -267,6 +283,13 @@ private void writeString(Object value) {
 		}
 	}
 
+	private void validateNestingDepth() {
+		if (this.activeSeries.size() > this.maxNestingDepth) {
+			throw new IllegalStateException("JSON nesting depth (%s) exceeds maximum depth of %s (current path: %s)"
+				.formatted(this.activeSeries.size(), this.maxNestingDepth, this.path));
+		}
+	}
+
 	private void append(String value) {
 		try {
 			this.out.append(value);
diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/json/JsonValueWriterTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/json/JsonValueWriterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.boot.json;
 
+import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
 import java.util.List;
@@ -240,6 +241,36 @@ void endWhenNotStartedThrowsException() {
 			.isThrownBy(() -> valueWriter.end(Series.ARRAY)));
 	}
 
+	@Test
+	void illegalStateExceptionShouldBeThrownWhenCollectionExceededNestingDepth() {
+		JsonValueWriter writer = new JsonValueWriter(new StringBuilder(), 128);
+		List<Object> list = new ArrayList<>();
+		list.add(list);
+		assertThatIllegalStateException().isThrownBy(() -> writer.write(list))
+			.withMessageStartingWith(
+					"JSON nesting depth (129) exceeds maximum depth of 128 (current path: [0][0][0][0][0][0][0][0][0][0][0][0]");
+	}
+
+	@Test
+	void illegalStateExceptionShouldBeThrownWhenMapExceededNestingDepth() {
+		JsonValueWriter writer = new JsonValueWriter(new StringBuilder(), 128);
+		Map<String, Object> map = new LinkedHashMap<>();
+		map.put("foo", Map.of("bar", map));
+		assertThatIllegalStateException().isThrownBy(() -> writer.write(map))
+			.withMessageStartingWith(
+					"JSON nesting depth (129) exceeds maximum depth of 128 (current path: foo.bar.foo.bar.foo.bar.foo");
+	}
+
+	@Test
+	void illegalStateExceptionShouldBeThrownWhenIterableExceededNestingDepth() {
+		JsonValueWriter writer = new JsonValueWriter(new StringBuilder(), 128);
+		List<Object> list = new ArrayList<>();
+		list.add(list);
+		assertThatIllegalStateException().isThrownBy(() -> writer.write((Iterable<Object>) list::iterator))
+			.withMessageStartingWith(
+					"JSON nesting depth (129) exceeds maximum depth of 128 (current path: [0][0][0][0][0][0][0][0][0][0][0][0]");
+	}
+
 	private <V> String write(V value) {
 		return doWrite((valueWriter) -> valueWriter.write(value));
 	}
