[BUG] Large number parsing error #2672

Closed
raychow opened this issue Jun 6, 2024 · 4 comments
Labels
bug Something isn't working fixed

raychow commented Jun 6, 2024

Problem description

fastjson2 2.0.51

JSON.parseObject("{\"token\": 2.105465717176397390012604E+1294}");

Error:
Exception in thread "main" com.alibaba.fastjson2.JSONException: too large exp value : 1294
at com.alibaba.fastjson2.JSONReaderUTF8.readNumber0(JSONReaderUTF8.java:5458)
at com.alibaba.fastjson2.JSONReader.readNumber(JSONReader.java:1004)
at com.alibaba.fastjson2.JSONReader.read(JSONReader.java:2087)
at com.alibaba.fastjson2.JSON.parseObject(JSON.java:348)

In fastjson1, token can be parsed as a BigDecimal.

@raychow raychow added the bug Something isn't working label Jun 6, 2024
@raychow raychow changed the title [BUG] [BUG] Large number parsing error Jun 6, 2024
@yanxutao89 yanxutao89 self-assigned this Jun 6, 2024
Member

wenshao commented Jun 6, 2024

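Why is there such a large exp value? Is this test data or business data?

Currently the maximum is limited to 1023. This limit is there to prevent DoS attacks via malicious input.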

Author

raychow commented Jun 6, 2024

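> Why is there such a large exp value? Is this test data or business data?
>
> Currently the maximum is limited to 1023. This limit is there to prevent DoS attacks via malicious input.

This is data from our upstream system. The value is dirty data and can be ignored, but right now there is no opportunity to handle it during parsing. We would like a switch to either ignore the value or force parsing.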

@yanxutao89 yanxutao89 removed their assignment Jun 6, 2024
Member

wenshao commented Jun 6, 2024

https://oss.sonatype.org/content/repositories/snapshots/com/alibaba/fastjson2/fastjson2/2.0.52-SNAPSHOT/
The issue has been fixed; the maximum exp has been raised to 2048. Please use the 2.0.52-SNAPSHOT version to help verify.
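
Added example, not part of the thread and not fastjson2's code: a JDK-only sketch of the kind of guard discussed above, which checks a numeric literal's exponent against a cap before a `BigDecimal` is built. The class and method names, the choice to bound the absolute value of the exponent, and the "empty means rejected" handling are assumptions; 1023 and 2048 are the caps stated in this thread.

```java
import java.math.BigDecimal;
import java.util.Optional;

/** Hypothetical helper for illustration only. */
public class ExponentGuard {

    /**
     * Returns the absolute value of the decimal exponent in a number literal.
     * The result saturates at Integer.MAX_VALUE, so a very long run of
     * exponent digits cannot overflow the counter and slip under the cap.
     */
    static int exponentMagnitude(String literal) {
        int e = Math.max(literal.indexOf('e'), literal.indexOf('E'));
        if (e < 0) {
            return 0; // no exponent part
        }
        int i = e + 1;
        if (i < literal.length() && (literal.charAt(i) == '+' || literal.charAt(i) == '-')) {
            i++;
        }
        long magnitude = 0;
        for (; i < literal.length(); i++) {
            char c = literal.charAt(i);
            if (c < '0' || c > '9') {
                throw new NumberFormatException("bad exponent in: " + literal);
            }
            magnitude = Math.min(magnitude * 10 + (c - '0'), Integer.MAX_VALUE);
        }
        return (int) magnitude;
    }

    /**
     * Builds the BigDecimal only when the exponent is within maxExp.
     * Constructing a BigDecimal with a huge exponent is cheap by itself; the
     * cost shows up later, when code expands its digits (toPlainString,
     * toBigInteger, arithmetic with a normally scaled value).
     */
    static Optional<BigDecimal> parseBounded(String literal, int maxExp) {
        if (exponentMagnitude(literal) > maxExp) {
            return Optional.empty(); // caller decides: skip the field or fail
        }
        return Optional.of(new BigDecimal(literal));
    }

    public static void main(String[] args) {
        String reported = "2.105465717176397390012604E+1294"; // value from this issue
        String oversized = "1E+999999999";                     // constructed sample
        System.out.println("reported, cap 1023:  " + parseBounded(reported, 1023).isPresent());
        System.out.println("reported, cap 2048:  " + parseBounded(reported, 2048).isPresent());
        System.out.println("oversized, cap 2048: " + parseBounded(oversized, 2048).isPresent());
    }
}
```

Returning an empty `Optional` instead of throwing lets the caller drop a single dirty field, which is the behaviour the reporter asked for, while still refusing to materialise an oversized value.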

@wenshao wenshao added this to the 2.0.52 milestone Jun 6, 2024
@wenshao wenshao added the fixed label Jun 6, 2024
yanxutao89 added a commit that referenced this issue Jun 7, 2024
wenshao pushed a commit that referenced this issue Jun 7, 2024
Member

wenshao commented Jul 14, 2024

https://github.com/alibaba/fastjson2/releases/tag/2.0.52
The issue has been fixed; please use the new version.

@wenshao wenshao closed this as completed Jul 14, 2024