-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Infinite Loop in org.json.JSONML.toJSONObject #484
Comments
@stleary using the first sample and stepping through with the debugger, I see the issue at line 111 Lines 111 to 120 in 2a6af29
The do-while loop never exits as the In the |
@wdblair Thank you for raising this issue. @johnjaylward Thanks for identifying the root cause. There may be other potentially infinite loops in this and other parsing methods. I think these problems need to be fixed; input data should never be able to break the code. |
It looks like the correction in #485 solves the issue for both data inputs provided in the original description. I did not use the base64 encoded string, as I don't like encoded items if they don't have to be (base64 encoding was not what was breaking this). I unencoded it first and used the raw value as the input. |
Thanks @stleary and @johnjaylward! I'm glad you were able to reproduce the issue. On my side I can check out the new branch and see if I can find any other problematic inputs. |
Closed due to fix has been merged. |
…ort OSA Github issues
The following input causes the
org.json.JSONML.toJSONObject
method to run in an infinite loop.If you trace the execution of JSONObject on this input, you see that it eventually makes it to the
JSONML.parse
method.But then it gets stuck inside the parse method. If I'm reading the trace correctly, it repeatedly calls JSONTokener.next() on the XMLTokener
x
object on line 93 in JSONML.javaJSON-java/JSONML.java
Line 93 in 2a6af29
You can find the full trace of the method running on this input in the following gist:
The following Java program reproduces the issue when the org.json library is in the classpath.
The text was updated successfully, but these errors were encountered: