ALLOW_COERCION_OF_SCALARS ignored deserializing scalars with Afterburner #69

@dansanduleac

Let's look at deserializing an integer field, for example.

The code path in afterburner ends up here:

```java
int v = p.hasToken(JsonToken.VALUE_NUMBER_INT) ? p.getIntValue() : _deserializeInt(p, ctxt);
```

If the value being deserialized is not a `VALUE_NUMBER_INT`, then the code delegates to `_deserializeInt`, which will always attempt to coerce a `VALUE_STRING` to an integer:

```java
if (t == JsonToken.VALUE_STRING) { // let's do implicit re-parse
    String text = p.getText().trim();
    if (_hasTextualNull(text)) {
        return 0;
    }
    try {
        int len = text.length();
        if (len > 9) {
            long l = Long.parseLong(text);
            if (l < Integer.MIN_VALUE || l > Integer.MAX_VALUE) {
                throw ctxt.weirdStringException(text, Integer.TYPE,
                    "Overflow: numeric value ("+text+") out of range of int ("+Integer.MIN_VALUE+" - "+Integer.MAX_VALUE+")");
            }
            return (int) l;
        }
        if (len == 0) {
            return 0;
        }
        return NumberInput.parseInt(text);
    } catch (IllegalArgumentException iae) {
        throw ctxt.weirdStringException(text, Integer.TYPE, "not a valid int value");
    }
}
```

This code path should only be enabled if `MapperFeature.ALLOW_COERCION_OF_SCALARS` is enabled.

Similarly, this check should be performed when attempting to deserialize other scalar types like boolean and long.
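
A check for the behaviour reported above, as an added example that is not part of the original issue or of the Jackson code base: it feeds JSON strings into `int`, `long` and `boolean` properties through a plain mapper and an Afterburner mapper, both with `ALLOW_COERCION_OF_SCALARS` disabled, and reports which inputs each one accepts. The class names and inputs are constructed, and it assumes `jackson-databind` and `jackson-module-afterburner` are on the classpath.

```java
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.module.afterburner.AfterburnerModule;
import java.io.IOException;

public class ScalarCoercionCheck {
    // Constructed bean: public class with setters so Afterburner can optimize it.
    public static class Payload {
        private int count; private long total; private boolean admin;
        public void setCount(int v) { count = v; }
        public void setTotal(long v) { total = v; }
        public void setAdmin(boolean v) { admin = v; }
        @Override public String toString() {
            return "count=" + count + " total=" + total + " admin=" + admin;
        }
    }

    // Constructed inputs: each sends a JSON string where a scalar is declared.
    static final String[] INPUTS = {
        "{\"count\":\"123\"}", "{\"total\":\"123\"}", "{\"admin\":\"true\"}"
    };

    // Returns true if the mapper rejected the string-typed scalar.
    static boolean rejects(String label, ObjectMapper mapper, String json) {
        try {
            Payload p = mapper.readValue(json, Payload.class);
            System.out.println(label + " ACCEPTED " + json + " -> " + p);
            return false;
        } catch (IOException e) {
            System.out.println(label + " rejected " + json
                    + " (" + e.getClass().getSimpleName() + ")");
            return true;
        }
    }

    public static void main(String[] args) {
        ObjectMapper plain = new ObjectMapper()
                .disable(MapperFeature.ALLOW_COERCION_OF_SCALARS);
        ObjectMapper burner = new ObjectMapper()
                .registerModule(new AfterburnerModule())
                .disable(MapperFeature.ALLOW_COERCION_OF_SCALARS);
        boolean strict = true;
        for (String json : INPUTS) {
            strict &= rejects("plain      ", plain, json);
            strict &= rejects("afterburner", burner, json);
        }
        // Non-zero exit lets a build step fail when coercion still happens.
        System.exit(strict ? 0 : 1);
    }
}
```

Any `ACCEPTED` line means that mapper still converts string input to a scalar despite the disabled feature, so type strictness for that field has to be enforced elsewhere.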
