root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Polish 'Protected against JsonValueWriter stack overflow' 

See gh-44627
This commit is contained in:
Phillip Webb 2025-04-22 19:58:05 -07:00
parent b5e0eed8e7
commit 4b607bde2c
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
spring-boot-project/spring-boot/src/main/java/org/springframework/boot/json/JsonValueWriter.java
View File

@ -47,7 +47,7 @@ import org.springframework.util.function.ThrowingConsumer;
*/
class JsonValueWriter {
private static final int DEFAULT_MAX_NESTING_DEPTH = 1000;
private static final int DEFAULT_MAX_NESTING_DEPTH = 500;
private final Appendable out;
@ -160,7 +160,10 @@ class JsonValueWriter {
*/
void start(Series series) {
if (series != null) {
validateNestingDepth();
int nestingDepth = this.activeSeries.size();
Assert.state(nestingDepth <= this.maxNestingDepth,
() -> "JSON nesting depth (%s) exceeds maximum depth of %s (current path: %s)"
.formatted(nestingDepth, this.maxNestingDepth, this.path));
this.activeSeries.push(new ActiveSeries(series));
append(series.openChar);
}
@ -288,13 +291,6 @@ class JsonValueWriter {
}
}
private void validateNestingDepth() {
if (this.activeSeries.size() > this.maxNestingDepth) {
throw new IllegalStateException("JSON nesting depth (%s) exceeds maximum depth of %s (current path: %s)"
.formatted(this.activeSeries.size(), this.maxNestingDepth, this.path));
}
}
private void append(String value) {
try {
this.out.append(value);