Merge branch '2.x' into 3.x

cowtowncoder · cowtowncoder · commit 522a0c81e16a · 2026-02-22T12:24:14.000-08:00
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -108,6 +108,9 @@ No changes since 2.19.1
  (reported by @ventusfortis)
 #1548: `StreamReadConstraints.maxDocumentLength` not checked when
   creating parser with fixed buffer
+#1555: Enforce `StreamReadConstraints.maxNumberLength` for
+  non-blocking (async) parser
+ (fix by @pjfanning)
 
 2.18.5 (27-Oct-2025)
  (same as 2.18.4.1 on 10-June-2025)
diff --git a/src/main/java/tools/jackson/core/json/async/NonBlockingUtf8JsonParserBase.java b/src/main/java/tools/jackson/core/json/async/NonBlockingUtf8JsonParserBase.java
@@ -3,13 +3,15 @@
 import tools.jackson.core.JacksonException;
 import tools.jackson.core.JsonToken;
 import tools.jackson.core.ObjectReadContext;
+import tools.jackson.core.exc.StreamConstraintsException;
 import tools.jackson.core.io.CharTypes;
 import tools.jackson.core.io.IOContext;
 import tools.jackson.core.json.JsonReadFeature;
 import tools.jackson.core.sym.ByteQuadsCanonicalizer;
 import tools.jackson.core.util.InternalJacksonUtil;
 import tools.jackson.core.util.VersionUtil;
 
+
 /**
  * Non-blocking parser base implementation for JSON content.
  *<p>
@@ -363,7 +365,7 @@ protected final JsonToken _finishTokenWithEOF() throws JacksonException
                 if (_numberNegative) {
                     --len;
                 }
-                _intLength = len;
+                _setIntLength(len);
             }
             return _valueComplete(JsonToken.VALUE_NUMBER_INT);
 
@@ -1301,15 +1303,15 @@ protected JsonToken _startPositiveNumber(int ch) throws JacksonException
         while (true) {
             if (ch < INT_0) {
                 if (ch == INT_PERIOD) {
-                    _intLength = outPtr;
+                    _setIntLength(outPtr);
                     ++_inputPtr;
                     return _startFloat(outBuf, outPtr, ch);
                 }
                 break;
             }
             if (ch > INT_9) {
                 if ((ch | 0x20) == INT_e) { // ~ 'eE'
-                    _intLength = outPtr;
+                    _setIntLength(outPtr);
                     ++_inputPtr;
                     return _startFloat(outBuf, outPtr, ch);
                 }
@@ -1328,7 +1330,7 @@ protected JsonToken _startPositiveNumber(int ch) throws JacksonException
             }
             ch = getByteFromBuffer(_inputPtr) & 0xFF;
         }
-        _intLength = outPtr;
+        _setIntLength(outPtr);
         _textBuffer.setCurrentLength(outPtr);
         return _valueComplete(JsonToken.VALUE_NUMBER_INT);
     }
@@ -1368,15 +1370,15 @@ protected JsonToken _startNegativeNumber() throws JacksonException
         while (true) {
             if (ch < INT_0) {
                 if (ch == INT_PERIOD) {
-                    _intLength = outPtr-1;
+                    _setIntLength(outPtr-1);
                     ++_inputPtr;
                     return _startFloat(outBuf, outPtr, ch);
                 }
                 break;
             }
             if (ch > INT_9) {
                 if ((ch | 0x20) == INT_e) { // ~ 'eE'
-                    _intLength = outPtr-1;
+                    _setIntLength(outPtr-1);
                     ++_inputPtr;
                     return _startFloat(outBuf, outPtr, ch);
                 }
@@ -1394,7 +1396,7 @@ protected JsonToken _startNegativeNumber() throws JacksonException
             }
             ch = getByteFromBuffer(_inputPtr) & 0xFF;
         }
-        _intLength = outPtr-1;
+        _setIntLength(outPtr-1);
         _textBuffer.setCurrentLength(outPtr);
         return _valueComplete(JsonToken.VALUE_NUMBER_INT);
     }
@@ -1440,15 +1442,15 @@ protected JsonToken _startPositiveNumber() throws JacksonException
         while (true) {
             if (ch < INT_0) {
                 if (ch == INT_PERIOD) {
-                    _intLength = outPtr-1;
+                    _setIntLength(outPtr-1);
                     ++_inputPtr;
                     return _startFloat(outBuf, outPtr, ch);
                 }
                 break;
             }
             if (ch > INT_9) {
                 if ((ch | 0x20) == INT_e) { // ~ 'eE'
-                    _intLength = outPtr-1;
+                    _setIntLength(outPtr-1);
                     ++_inputPtr;
                     return _startFloat(outBuf, outPtr, ch);
                 }
@@ -1466,7 +1468,7 @@ protected JsonToken _startPositiveNumber() throws JacksonException
             }
             ch = getByteFromBuffer(_inputPtr) & 0xFF;
         }
-        _intLength = outPtr-1;
+        _setIntLength(outPtr-1);
         _textBuffer.setCurrentLength(outPtr);
         return _valueComplete(JsonToken.VALUE_NUMBER_INT);
     }
@@ -1699,15 +1701,15 @@ protected JsonToken _finishNumberIntegralPart(char[] outBuf, int outPtr) throws
             ch = getByteFromBuffer(_inputPtr) & 0xFF;
             if (ch < INT_0) {
                 if (ch == INT_PERIOD) {
-                    _intLength = outPtr+negMod;
+                    _setIntLength(outPtr+negMod);
                     ++_inputPtr;
                     return _startFloat(outBuf, outPtr, ch);
                 }
                 break;
             }
             if (ch > INT_9) {
                 if ((ch | 0x20) == INT_e) { // ~ 'eE'
-                    _intLength = outPtr+negMod;
+                    _setIntLength(outPtr+negMod);
                     ++_inputPtr;
                     return _startFloat(outBuf, outPtr, ch);
                 }
@@ -1721,7 +1723,7 @@ protected JsonToken _finishNumberIntegralPart(char[] outBuf, int outPtr) throws
             }
             outBuf[outPtr++] = (char) ch;
         }
-        _intLength = outPtr+negMod;
+        _setIntLength(outPtr+negMod);
         _textBuffer.setCurrentLength(outPtr);
         // As per #105, need separating space between root values; check here
         if (_streamReadContext.inRoot()) {
@@ -1742,7 +1744,7 @@ protected JsonToken _startFloat(char[] outBuf, int outPtr, int ch) throws Jackso
                 if (_inputPtr >= _inputEnd) {
                     _textBuffer.setCurrentLength(outPtr);
                     _minorState = MINOR_NUMBER_FRACTION_DIGITS;
-                    _fractLength = fractLen;
+                    _setFractLength(fractLen);
                     return _updateTokenToNA();
                 }
                 ch = getNextSignedByteFromBuffer(); // ok to have sign extension for now
@@ -1763,7 +1765,7 @@ protected JsonToken _startFloat(char[] outBuf, int outPtr, int ch) throws Jackso
                 ++fractLen;
             }
         }
-        _fractLength = fractLen;
+        _setFractLength(fractLen);
         int expLen = 0;
         if ((ch | 0x20) == INT_e) { // ~ 'eE' exponent?
             if (outPtr >= outBuf.length) {
@@ -1799,7 +1801,7 @@ protected JsonToken _startFloat(char[] outBuf, int outPtr, int ch) throws Jackso
                 if (_inputPtr >= _inputEnd) {
                     _textBuffer.setCurrentLength(outPtr);
                     _minorState = MINOR_NUMBER_EXPONENT_DIGITS;
-                    _expLength = expLen;
+                    _setExpLength(expLen);
                     return _updateTokenToNA();
                 }
                 ch = getNextSignedByteFromBuffer();
@@ -1814,11 +1816,11 @@ protected JsonToken _startFloat(char[] outBuf, int outPtr, int ch) throws Jackso
         --_inputPtr;
         _textBuffer.setCurrentLength(outPtr);
         // negative, int-length, fract-length already set, so...
-        _expLength = expLen;
         // As per #105, need separating space between root values; check here
         if (_streamReadContext.inRoot()) {
             _verifyRootSpace(ch);
         }
+        _setExpLength(expLen);
         return _valueComplete(JsonToken.VALUE_NUMBER_FLOAT);
     }
 
@@ -1840,7 +1842,7 @@ protected JsonToken _finishFloatFraction() throws JacksonException
                 outBuf[outPtr++] = (char) ch;
                 if (_inputPtr >= _inputEnd) {
                     _textBuffer.setCurrentLength(outPtr);
-                    _fractLength = fractLen;
+                    _setFractLength(fractLen);
                     return JsonToken.NOT_AVAILABLE;
                 }
                 ch = getNextSignedByteFromBuffer();
@@ -1866,7 +1868,7 @@ protected JsonToken _finishFloatFraction() throws JacksonException
                 _reportUnexpectedNumberChar(ch, "Decimal point not followed by a digit");
             }
         }
-        _fractLength = fractLen;
+        _setFractLength(fractLen);
         _textBuffer.setCurrentLength(outPtr);
 
         // Ok: end of floating point number or exponent?
@@ -1920,7 +1922,7 @@ protected JsonToken _finishFloatExponent(boolean checkSign, int ch) throws Jacks
             outBuf[outPtr++] = (char) ch;
             if (_inputPtr >= _inputEnd) {
                 _textBuffer.setCurrentLength(outPtr);
-                _expLength = expLen;
+                _setExpLength(expLen);
                 return JsonToken.NOT_AVAILABLE;
             }
             ch = getNextSignedByteFromBuffer();
@@ -1934,11 +1936,11 @@ protected JsonToken _finishFloatExponent(boolean checkSign, int ch) throws Jacks
         --_inputPtr;
         _textBuffer.setCurrentLength(outPtr);
         // negative, int-length, fract-length already set, so...
-        _expLength = expLen;
         // As per #105, need separating space between root values; check here
         if (_streamReadContext.inRoot()) {
             _verifyRootSpace(ch);
         }
+        _setExpLength(expLen);
         return _valueComplete(JsonToken.VALUE_NUMBER_FLOAT);
     }
 
@@ -3214,4 +3216,21 @@ private final void _verifyRootSpace(int ch) throws JacksonException
     /* Internal methods, other
     /**********************************************************************
      */
+
+    private void _setIntLength(final int len) throws StreamConstraintsException {
+        _streamReadConstraints.validateIntegerLength(len);
+        _intLength = len;
+    }
+
+    private void _setFractLength(final int len) throws StreamConstraintsException {
+        // assumes that the _intLength has been updated first
+        _streamReadConstraints.validateFPLength(_intLength + len);
+        _fractLength = len;
+    }
+
+    private void _setExpLength(final int len) throws StreamConstraintsException {
+        // assumes that the _intLength and _fractLength have been updated already
+        _streamReadConstraints.validateFPLength(_intLength + _fractLength + len);
+        _expLength = len;
+    }
 }
diff --git a/src/test/java/tools/jackson/core/unittest/constraints/AsyncLargeNumberReadTest.java b/src/test/java/tools/jackson/core/unittest/constraints/AsyncLargeNumberReadTest.java
@@ -0,0 +1,108 @@
+package tools.jackson.core.unittest.constraints;
+
+import org.junit.jupiter.api.Test;
+
+import tools.jackson.core.*;
+import tools.jackson.core.async.ByteArrayFeeder;
+import tools.jackson.core.exc.StreamConstraintsException;
+import tools.jackson.core.json.JsonFactory;
+import tools.jackson.core.unittest.JacksonCoreTestBase;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * Number Length Constraint Bypass in Non-Blocking (Async) JSON Parsers
+ */
+class AsyncLargeNumberReadTest
+    extends JacksonCoreTestBase
+{
+    private static final int TEST_NUMBER_LENGTH = StreamReadConstraints.DEFAULT_MAX_NUM_LEN * 2;
+
+    private final JsonFactory JSON_F = newStreamFactory();
+
+    @Test
+    void asyncParserFailsTooLongInt() throws Exception {
+        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);
+
+        try (JsonParser p = JSON_F.createNonBlockingByteArrayParser(ObjectReadContext.empty())) {
+            ByteArrayFeeder byteArrayFeeder = (ByteArrayFeeder) p;
+            byteArrayFeeder.feedInput(payload, 0, payload.length);
+            byteArrayFeeder.endOfInput();
+    
+            _asyncParserFailsTooLongNumber(p, JsonToken.VALUE_NUMBER_INT);
+        }
+    }
+
+    @Test
+    void asyncParserFailsTooLongDecimal() throws Exception {
+        byte[] payload = buildPayloadWithLongDecimal(TEST_NUMBER_LENGTH);
+
+        try (JsonParser p = JSON_F.createNonBlockingByteArrayParser(ObjectReadContext.empty())) {
+            ByteArrayFeeder byteArrayFeeder = (ByteArrayFeeder) p;
+            byteArrayFeeder.feedInput(payload, 0, payload.length);
+            byteArrayFeeder.endOfInput();
+
+            _asyncParserFailsTooLongNumber(p, JsonToken.VALUE_NUMBER_FLOAT);
+        }
+    }
+
+    @Test
+    void asyncParserFailsTooLongDecimalWithExponent() throws Exception {
+        byte[] payload = buildPayloadWithLongExponent(TEST_NUMBER_LENGTH);
+
+        try (JsonParser p = JSON_F.createNonBlockingByteArrayParser(ObjectReadContext.empty())) {
+            ByteArrayFeeder byteArrayFeeder = (ByteArrayFeeder) p;
+            byteArrayFeeder.feedInput(payload, 0, payload.length);
+            byteArrayFeeder.endOfInput();
+
+            _asyncParserFailsTooLongNumber(p, JsonToken.VALUE_NUMBER_FLOAT);
+        }
+    }
+    
+    private void _asyncParserFailsTooLongNumber(JsonParser p, JsonToken tokenMatch) throws Exception {
+        boolean foundNumber = false;
+        try {
+            while (p.nextToken() != null) {
+                if (p.currentToken() == tokenMatch) {
+                    foundNumber = true;
+                    String numberText = p.getString();
+                    assertEquals(TEST_NUMBER_LENGTH, numberText.length(),
+                            "Async parser silently accepted all " + TEST_NUMBER_LENGTH + " digits");
+                }
+            }
+            fail("Async parser must reject a " + TEST_NUMBER_LENGTH + "-digit number (number found? "+foundNumber+")");
+        } catch (StreamConstraintsException e) {
+            verifyException(e, "Number value length (");
+            verifyException(e, " exceeds the maximum allowed");
+        }
+    }
+
+    private byte[] buildPayloadWithLongInteger(int numDigits) {
+        StringBuilder sb = new StringBuilder(numDigits + 10);
+        sb.append("{\"v\":");
+        for (int i = 0; i < numDigits; i++) {
+            sb.append((char) ('1' + (i % 9)));
+        }
+        sb.append('}');
+        return utf8Bytes(sb.toString());
+    }
+
+    private byte[] buildPayloadWithLongDecimal(int numDigits) {
+        StringBuilder sb = new StringBuilder(numDigits + 10);
+        sb.append("{\"v\":0.");
+        for (int i = 0; i < numDigits; i++) {
+            sb.append((char) ('1' + (i % 9)));
+        }
+        sb.append('}');
+        return utf8Bytes(sb.toString());
+    }
+
+    private byte[] buildPayloadWithLongExponent(int numDigits) {
+        StringBuilder sb = new StringBuilder(numDigits + 10);
+        sb.append("{\"v\":1.1E");
+        for (int i = 0; i < numDigits; i++) {
+            sb.append((char) ('1' + (i % 9)));
+        }
+        return utf8Bytes(sb.toString());
+    }
+}
diff --git a/src/test/java/tools/jackson/core/unittest/constraints/LargeNumberReadTest.java b/src/test/java/tools/jackson/core/unittest/constraints/LargeNumberReadTest.java
@@ -17,7 +17,6 @@
  * Set of basic unit tests for verifying that "too big" number constraints
  * are caught by various JSON parser backends.
  */
-
 @SuppressWarnings("resource")
 class LargeNumberReadTest
     extends tools.jackson.core.unittest.JacksonCoreTestBase
