You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@johnzon.apache.org by "James Carman (JIRA)" <ji...@apache.org> on 2019/01/01 14:00:00 UTC

[jira] [Commented] (JOHNZON-177) Deserialization of numbers can produce overflows and underflows

    [ https://issues.apache.org/jira/browse/JOHNZON-177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16731599#comment-16731599 ] 

James Carman commented on JOHNZON-177:
--------------------------------------

This is most definitely a bug.  The specification says (section 3.3.2):

{quote}Deserialization of a JSON value into java.lang.Byte, Short, Integer, Long, Float or Double instance (or their corresponding primitive types) MUST follow the conversion process defined in the javadoc specification for the corresponding parse$Type method, such as java.lang.Byte.parseByte() for Byte.{quote}

If you attempt to call Byte.parseByte("255"), you get a NumberFormatException.  

> Deserialization of numbers can produce overflows and underflows
> ---------------------------------------------------------------
>
>                 Key: JOHNZON-177
>                 URL: https://issues.apache.org/jira/browse/JOHNZON-177
>             Project: Johnzon
>          Issue Type: Bug
>    Affects Versions: 1.1.8
>            Reporter: Markus Bruckner
>            Assignee: Mark Struberg
>            Priority: Minor
>             Fix For: 1.1.11
>
>
> Given the following json:
>  
> {code:java}
> {
>     "value": 2147483648
> }{code}
> and the following dto:
>  
> {code:java}
> public class IntContainer {
>     private int value;
>     public void setValue(int value) { this.value = value; }
>     public int getValue() { return value; }
> }{code}
> When I try to parse the json in the dto, the value overflows and is deserialized as negative value (or vice versa, if too large a negative number is used).
> Failing test case:
>  
> {code:java}
> @Test
> public void shouldNotAcceptOutOfBoundsValue() {
>   String json = "{ \"value\": 2147483648 }";
>   Jsonb jsonb = JsonbProvider.provider().create().build();
>   IntContainer intContainer = jsonb.fromJson(json, IntContainer.class);
>   LOG.debug("deserialized value: {}", intContainer.getValue());
>   Assert.fail("should throw instead of wrapping the value in negative area");
> }{code}
>  
> Log output is:
>  
> {noformat}
> SerializationTest deserialized value: -2147483648{noformat}
>  
> The expected behavior would probably be an Exception if the number exceeds the bounds of the type of the field that the value should be deserialized into (byte, short, int, or long).
>  
> As additional info, because we researched this when confronted with this problem initially (with type int): Applying ijson-strict (rfc7493) doesn't help in this situation since there are values that are allowed by the ijson rfc and still over-/underflow a 32-bit integer (and it would further require us to transmit long values as string).
> Boundaries:
>  * 2147483647 max value of signed 32bit integer
>  * 9007199254740991 > ijson maxvalue: "senders cannot expect receivers to parse numbers larger than..."
>  * 9223372036854775807 64b integer



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)