Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add protection against StackOverflowError in JsonValueWriter #44627

Open
wants to merge 1 commit into
base: 3.4.x
Choose a base branch
from
Open

Add protection against StackOverflowError in JsonValueWriter #44627

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 24 additions & 1 deletion ...boot-project/spring-boot/src/main/java/org/springframework/boot/json/JsonValueWriter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2024 the original author or authors.
* Copyright 2012-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -46,8 +46,12 @@
*/
class JsonValueWriter {

private static final int DEFAULT_MAX_NESTING_DEPTH = 1000;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if such a deep nesting level is necessary, as JsonWriter is primarily used for StructuredLogging, and such depth seems practically impossible.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this should be configurable? If user decides they want more, they should be able to get more. Default level should be maybe lower, something like 32. Note that this is not only a stack-overflow protection, but also protection against overflowing the storage space for logs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've prototyped some changes main...nosan:44502-json-writer-configuration


private final Appendable out;

private final int maxNestingDepth;

private MemberPath path = MemberPath.ROOT;

private final Deque<JsonWriterFiltersAndProcessors> filtersAndProcessors = new ArrayDeque<>();
Expand All @@ -59,7 +63,18 @@ class JsonValueWriter {
* @param out the {@link Appendable} used to receive the JSON output
*/
JsonValueWriter(Appendable out) {
this(out, DEFAULT_MAX_NESTING_DEPTH);
}

/**
* Create a new {@link JsonValueWriter} instance.
* @param out the {@link Appendable} used to receive the JSON output
* @param maxNestingDepth the maximum allowed nesting depth for JSON objects and
* arrays
*/
JsonValueWriter(Appendable out, int maxNestingDepth) {
this.out = out;
this.maxNestingDepth = maxNestingDepth;
}

void pushProcessors(JsonWriterFiltersAndProcessors jsonProcessors) {
Expand Down Expand Up @@ -140,6 +155,7 @@ else if (value instanceof Number || value instanceof Boolean) {
*/
void start(Series series) {
if (series != null) {
validateNestingDepth();
this.activeSeries.push(new ActiveSeries(series));
append(series.openChar);
}
Expand Down Expand Up @@ -267,6 +283,13 @@ private void writeString(Object value) {
}
}

private void validateNestingDepth() {
if (this.activeSeries.size() > this.maxNestingDepth) {
throw new IllegalStateException("JSON nesting depth (%s) exceeds maximum depth of %s (current path: %s)"
.formatted(this.activeSeries.size(), this.maxNestingDepth, this.path));
}
}

private void append(String value) {
try {
this.out.append(value);
Expand Down
33 changes: 32 additions & 1 deletion ...project/spring-boot/src/test/java/org/springframework/boot/json/JsonValueWriterTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2024 the original author or authors.
* Copyright 2012-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -16,6 +16,7 @@

package org.springframework.boot.json;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
Expand Down Expand Up @@ -240,6 +241,36 @@ void endWhenNotStartedThrowsException() {
.isThrownBy(() -> valueWriter.end(Series.ARRAY)));
}

@Test
void illegalStateExceptionShouldBeThrownWhenCollectionExceededNestingDepth() {
JsonValueWriter writer = new JsonValueWriter(new StringBuilder(), 128);
List<Object> list = new ArrayList<>();
list.add(list);
assertThatIllegalStateException().isThrownBy(() -> writer.write(list))
.withMessageStartingWith(
"JSON nesting depth (129) exceeds maximum depth of 128 (current path: [0][0][0][0][0][0][0][0][0][0][0][0]");
}

@Test
void illegalStateExceptionShouldBeThrownWhenMapExceededNestingDepth() {
JsonValueWriter writer = new JsonValueWriter(new StringBuilder(), 128);
Map<String, Object> map = new LinkedHashMap<>();
map.put("foo", Map.of("bar", map));
assertThatIllegalStateException().isThrownBy(() -> writer.write(map))
.withMessageStartingWith(
"JSON nesting depth (129) exceeds maximum depth of 128 (current path: foo.bar.foo.bar.foo.bar.foo");
}

@Test
void illegalStateExceptionShouldBeThrownWhenIterableExceededNestingDepth() {
JsonValueWriter writer = new JsonValueWriter(new StringBuilder(), 128);
List<Object> list = new ArrayList<>();
list.add(list);
assertThatIllegalStateException().isThrownBy(() -> writer.write((Iterable<Object>) list::iterator))
.withMessageStartingWith(
"JSON nesting depth (129) exceeds maximum depth of 128 (current path: [0][0][0][0][0][0][0][0][0][0][0][0]");
}

private <V> String write(V value) {
return doWrite((valueWriter) -> valueWriter.write(value));
}
Expand Down