Merge branch '2.13' into 2.14

cowtowncoder · cowtowncoder · commit 226dd97ecbff · 2022-04-18T13:15:51.000-07:00
diff --git a/release-notes/CREDITS-2.x b/release-notes/CREDITS-2.x
@@ -287,6 +287,10 @@ Vlad Tatavu (vladt@github)
     for "content reference"
   (2.13.2)
 
+PJ Fanning (pjfanning@github)
+  * Contributed #744: Limit size of exception message in BigDecimalParser
+  (2.13.3)
+
 Ilya Golovin (ilgo0413@github)
   * Contributed #684: Add "JsonPointer#appendProperty" and "JsonPointer#appendIndex"
   (2.14.0)
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -24,6 +24,11 @@ JSON library.
   floating-point values or not
  (contributed Doug R)
 
+2.13.3 (not yet released)
+
+#744: Limit size of exception message in BigDecimalParser
+ (contributed by @pjfanning))
+
 2.13.2 (06-Mar-2022)
 
 #732: Update Maven wrapper
diff --git a/src/main/java/com/fasterxml/jackson/core/io/BigDecimalParser.java b/src/main/java/com/fasterxml/jackson/core/io/BigDecimalParser.java
@@ -21,6 +21,7 @@
  */
 public final class BigDecimalParser
 {
+    private final static int MAX_CHARS_TO_REPORT = 1000;
     private final char[] chars;
 
     BigDecimalParser(char[] chars) {
@@ -51,7 +52,14 @@ public static BigDecimal parse(char[] chars) {
             if (desc == null) {
                 desc = "Not a valid number representation";
             }
-            throw new NumberFormatException("Value \"" + new String(chars)
+            String stringToReport;
+            if (chars.length <= MAX_CHARS_TO_REPORT) {
+                stringToReport = new String(chars);
+            } else {
+                stringToReport = new String(Arrays.copyOfRange(chars, 0, MAX_CHARS_TO_REPORT))
+                    + "(truncated, full length is " + chars.length + " chars)";
+            }
+            throw new NumberFormatException("Value \"" + stringToReport
                     + "\" can not be represented as `java.math.BigDecimal`, reason: " + desc);
         }
     }
diff --git a/src/test/java/com/fasterxml/jackson/core/io/BigDecimalParserTest.java b/src/test/java/com/fasterxml/jackson/core/io/BigDecimalParserTest.java
@@ -0,0 +1,18 @@
+package com.fasterxml.jackson.core.io;
+
+public class BigDecimalParserTest extends com.fasterxml.jackson.core.BaseTest {
+    public void testLongStringParse() {
+        final int len = 1500;
+        final StringBuilder sb = new StringBuilder(len);
+        for (int i = 0; i < len; i++) {
+            sb.append("A");
+        }
+        try {
+            BigDecimalParser.parse(sb.toString());
+            fail("expected NumberFormatException");
+        } catch (NumberFormatException nfe) {
+            assertTrue("exception message starts as expected?", nfe.getMessage().startsWith("Value \"AAAAA"));
+            assertTrue("exception message value contains truncated", nfe.getMessage().contains("truncated"));
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`*/`
`22`	`22`	`public final class BigDecimalParser`
`23`	`23`	`{`
	`24`	`+ private final static int MAX_CHARS_TO_REPORT = 1000;`
`24`	`25`	`private final char[] chars;`
`25`	`26`
`26`	`27`	`BigDecimalParser(char[] chars) {`
`@@ -51,7 +52,14 @@ public static BigDecimal parse(char[] chars) {`
`51`	`52`	`if (desc == null) {`
`52`	`53`	`desc = "Not a valid number representation";`
`53`	`54`	`}`
`54`		`- throw new NumberFormatException("Value \"" + new String(chars)`
	`55`	`+ String stringToReport;`
	`56`	`+ if (chars.length <= MAX_CHARS_TO_REPORT) {`
	`57`	`+ stringToReport = new String(chars);`
	`58`	`+ } else {`
	`59`	`+ stringToReport = new String(Arrays.copyOfRange(chars, 0, MAX_CHARS_TO_REPORT))`
	`60`	`+ + "(truncated, full length is " + chars.length + " chars)";`
	`61`	`+ }`
	`62`	`+ throw new NumberFormatException("Value \"" + stringToReport`
`55`	`63`	+ "\" can not be represented as `java.math.BigDecimal`, reason: " + desc);
`56`	`64`	`}`
`57`	`65`	`}`