Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]大数解析报错 #2672

Closed
raychow opened this issue Jun 6, 2024 · 4 comments
Closed

[BUG]大数解析报错 #2672

raychow opened this issue Jun 6, 2024 · 4 comments
Labels
bug Something isn't working fixed
Milestone
2.0.52

Comments

@raychow
Copy link

raychow commented Jun 6, 2024

问题描述

fastjson2 2.0.51

JSON.parseObject("{\"token\": 2.105465717176397390012604E+1294}");

报错:
Exception in thread "main" com.alibaba.fastjson2.JSONException: too large exp value : 1294
at com.alibaba.fastjson2.JSONReaderUTF8.readNumber0(JSONReaderUTF8.java:5458)
at com.alibaba.fastjson2.JSONReader.readNumber(JSONReader.java:1004)
at com.alibaba.fastjson2.JSONReader.read(JSONReader.java:2087)
at com.alibaba.fastjson2.JSON.parseObject(JSON.java:348)

在 fastjson1 中 token 可被解析为 BigDecimal
@raychow raychow added the bug Something isn't working label Jun 6, 2024
@raychow raychow changed the title [BUG] [BUG]大数解析报错 Jun 6, 2024
@yanxutao89 yanxutao89 self-assigned this Jun 6, 2024
@wenshao
Copy link
Member

wenshao commented Jun 6, 2024

为什么有这么大的exp数值,你这个是测试数据还是业务数据?

目前做了限制最大1023。做这个限制是防止恶意输入做DOS攻击。

@raychow
Copy link
Author

raychow commented Jun 6, 2024
edited
Loading

为什么有这么大的exp数值,你这个是测试数据还是业务数据?

目前做了限制最大1023。做这个限制是防止恶意输入做DOS攻击。

我们上游系统的数据, 这个值是脏数据, 可以忽略, 但现在解析的时候没有时机处理. 希望能加个开关忽略掉值或者强制解析.

@yanxutao89 yanxutao89 removed their assignment Jun 6, 2024
@wenshao
Copy link
Member

wenshao commented Jun 6, 2024

https://oss.sonatype.org/content/repositories/snapshots/com/alibaba/fastjson2/fastjson2/2.0.52-SNAPSHOT/
问题已修复,最大exp调整为2048了,请用2.0.52-SNAPSHOT版本帮忙验证

@wenshao wenshao added this to the 2.0.52 milestone Jun 6, 2024
@wenshao wenshao added the fixed label Jun 6, 2024
yanxutao89 added a commit that referenced this issue Jun 7, 2024
@yanxutao89
fix add missed colon, for issue #2672
b75f70d
wenshao pushed a commit that referenced this issue Jun 7, 2024
@yanxutao89 @wenshao
fix add missed colon, for issue #2672
f8e2771
@wenshao
Copy link
Member

wenshao commented Jul 14, 2024

https://github.com/alibaba/fastjson2/releases/tag/2.0.52
问题已修复,请用新版本

@wenshao wenshao closed this as completed Jul 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working fixed
Projects
None yet
Milestone
2.0.52
Development

No branches or pull requests
3 participants
@wenshao @raychow @yanxutao89