Add protection against StackOverflowError in JsonValueWriter

Signed-off-by: Dmytro Nosan <[email protected]>

Author: nosan

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/json/JsonValueWriter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,6 +46,8 @@
  */
 class JsonValueWriter {
 
+	private static final int MAX_NESTING_DEPTH = 1000;
+
 	private final Appendable out;
 
 	private MemberPath path = MemberPath.ROOT;
@@ -140,6 +142,7 @@ else if (value instanceof Number || value instanceof Boolean) {
 	 */
 	void start(Series series) {
 		if (series != null) {
+			validateNestingDepth();
 			this.activeSeries.push(new ActiveSeries(series));
 			append(series.openChar);
 		}
@@ -267,6 +270,13 @@ private void writeString(Object value) {
 		}
 	}
 
+	private void validateNestingDepth() {
+		if (this.activeSeries.size() > MAX_NESTING_DEPTH) {
+			throw new IllegalStateException("JSON nesting depth (%s) exceeds maximum depth of %s (current path: %s)"
+				.formatted(this.activeSeries.size(), MAX_NESTING_DEPTH, this.path));
+		}
+	}
+
 	private void append(String value) {
 		try {
 			this.out.append(value);

spring-boot-project/spring-boot/src/test/java/org/springframework/boot/json/JsonValueWriterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.boot.json;
 
+import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
 import java.util.List;
@@ -240,6 +241,34 @@ void endWhenNotStartedThrowsException() {
 			.isThrownBy(() -> valueWriter.end(Series.ARRAY)));
 	}
 
+	@Test
+	void illegalStateExceptionShouldBeThrownWhenCollectionExceededNestedDepth() {
+		List<Object> list = new ArrayList<>();
+		list.add(list);
+		doWrite((valueWriter) -> assertThatIllegalStateException().isThrownBy(() -> valueWriter.write(list))
+			.withMessageStartingWith(
+					"JSON nesting depth (1001) exceeds maximum depth of 1000 (current path: [0][0][0][0][0][0][0][0][0][0][0][0]"));
+	}
+
+	@Test
+	void illegalStateExceptionShouldBeThrownWhenMapExceededNestedDepth() {
+		Map<String, Object> map = new LinkedHashMap<>();
+		map.put("foo", Map.of("bar", map));
+		doWrite((valueWriter) -> assertThatIllegalStateException().isThrownBy(() -> valueWriter.write(map))
+			.withMessageStartingWith(
+					"JSON nesting depth (1001) exceeds maximum depth of 1000 (current path: foo.bar.foo.bar.foo.bar.foo"));
+	}
+
+	@Test
+	void illegalStateExceptionShouldBeThrownWhenIterableExceededNestedDepth() {
+		List<Object> list = new ArrayList<>();
+		list.add(list);
+		doWrite((valueWriter) -> assertThatIllegalStateException()
+			.isThrownBy(() -> valueWriter.write((Iterable<Object>) list::iterator))
+			.withMessageStartingWith(
+					"JSON nesting depth (1001) exceeds maximum depth of 1000 (current path: [0][0][0][0][0][0][0][0][0][0][0][0]"));
+	}
+
 	private <V> String write(V value) {
 		return doWrite((valueWriter) -> valueWriter.write(value));
 	}