add integer & decimal overflow check

Author: wenshao

src/main/java/com/alibaba/fastjson/parser/JSONLexerBase.java

@@ -18,6 +18,7 @@
 import java.io.Closeable;
 import java.math.BigDecimal;
 import java.math.BigInteger;
+import java.math.MathContext;
 import java.util.*;
 
 import com.alibaba.fastjson.JSON;
@@ -458,11 +459,11 @@ public final Number integerValue() throws NumberFormatException {
             // Accumulating negatively avoids surprises near MAX_VALUE
             digit = charAt(i++) - '0';
             if (result < multmin) {
-                return new BigInteger(numberString());
+                return new BigInteger(numberString(), 10);
             }
             result *= 10;
             if (result < limit + digit) {
-                return new BigInteger(numberString());
+                return new BigInteger(numberString(), 10);
             }
             result -= digit;
         }
@@ -3041,8 +3042,11 @@ public BigDecimal scanDecimal(char seperator) {
                 count = bp + offset - start - 1;
             }
 
+            if (count > 65535) {
+                throw new JSONException("decimal overflow");
+            }
             char[] chars = this.sub_chars(start, count);
-            value = new BigDecimal(chars);
+            value = new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
         } else if (chLocal == 'n' && charAt(bp + offset) == 'u' && charAt(bp + offset + 1) == 'l' && charAt(bp + offset + 2) == 'l') {
             matchStat = VALUE_NULL;
             value = null;
@@ -3715,8 +3719,12 @@ public BigDecimal scanFieldDecimal(char[] fieldName) {
                 count = bp + offset - start - 1;
             }
 
+            if (count > 65535) {
+                throw new JSONException("scan decimal overflow");
+            }
+
             char[] chars = this.sub_chars(start, count);
-            value = new BigDecimal(chars);
+            value = new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
         } else if (chLocal == 'n' &&
                    charAt(bp + offset) == 'u' &&
                    charAt(bp + offset + 1) == 'l' &&
@@ -3856,8 +3864,12 @@ public BigInteger scanFieldBigInteger(char[] fieldName) {
 
 //            char[] chars = this.sub_chars(negative ? start + 1 : start, count);
 //            value = new BigInteger(chars, )
+                if (count > 65535) {
+                    throw new JSONException("scanInteger overflow");
+                }
+
                 String strVal = this.subString(start, count);
-                value = new BigInteger(strVal);
+                value = new BigInteger(strVal, 10);
             }
         } else if (chLocal == 'n' &&
                    charAt(bp + offset) == 'u' &&
@@ -5150,6 +5162,10 @@ public final void scanNumber() {
             }
         }
 
+        if (sp > 65535) {
+            throw new JSONException("scanNumber overflow");
+        }
+
         if (ch == 'L') {
             sp++;
             next();

src/main/java/com/alibaba/fastjson/parser/JSONReaderScanner.java

@@ -20,6 +20,7 @@
 import java.io.Reader;
 import java.io.StringReader;
 import java.math.BigDecimal;
+import java.math.MathContext;
 
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONException;
@@ -296,7 +297,11 @@ public final BigDecimal decimalValue() {
             sp--;
         }
 
-        return new BigDecimal(buf, offset, sp);
+        if (sp > 65535) {
+            throw new JSONException("decimal overflow");
+        }
+
+        return new BigDecimal(buf, offset, sp, MathContext.UNLIMITED);
     }
 
     public void close() {

src/main/java/com/alibaba/fastjson/parser/JSONScanner.java

@@ -21,6 +21,7 @@
 import com.alibaba.fastjson.util.IOUtils;
 
 import java.math.BigDecimal;
+import java.math.MathContext;
 import java.util.*;
 
 //这个类，为了性能优化做了很多特别处理，一切都是为了性能！！！
@@ -188,14 +189,18 @@ public final BigDecimal decimalValue() {
             sp--;
         }
 
+        if (sp > 65535) {
+            throw new JSONException("decimal overflow");
+        }
+
         int offset = np, count = sp;
         if (count < sbuf.length) {
             text.getChars(offset, offset + count, sbuf, 0);
-            return new BigDecimal(sbuf, 0, count);
+            return new BigDecimal(sbuf, 0, count, MathContext.UNLIMITED);
         } else {
             char[] chars = new char[count];
             text.getChars(offset, offset + count, chars, 0);
-            return new BigDecimal(chars);
+            return new BigDecimal(chars, 0, chars.length, MathContext.UNLIMITED);
         }
     }
 

src/main/java/com/alibaba/fastjson/serializer/BigIntegerCodec.java

@@ -19,6 +19,7 @@
 import java.lang.reflect.Type;
 import java.math.BigInteger;
 
+import com.alibaba.fastjson.JSONException;
 import com.alibaba.fastjson.parser.DefaultJSONParser;
 import com.alibaba.fastjson.parser.JSONLexer;
 import com.alibaba.fastjson.parser.JSONToken;
@@ -70,6 +71,11 @@ public static <T> T deserialze(DefaultJSONParser parser) {
         if (lexer.token() == JSONToken.LITERAL_INT) {
             String val = lexer.numberString();
             lexer.nextToken(JSONToken.COMMA);
+
+            if (val.length() > 65535) {
+                throw new JSONException("decimal overflow");
+            }
+
             return (T) new BigInteger(val);
         }
 

src/main/java/com/alibaba/fastjson/util/TypeUtils.java

@@ -324,6 +324,10 @@ public static BigDecimal castToBigDecimal(Object value){
         if(value instanceof Map && ((Map) value).size() == 0){
             return null;
         }
+
+        if (strVal.length() > 65535) {
+            throw new JSONException("decimal overflow");
+        }
         return new BigDecimal(strVal);
     }
 
@@ -350,6 +354,11 @@ public static BigInteger castToBigInteger(Object value){
                 || "NULL".equals(strVal)){
             return null;
         }
+
+        if (strVal.length() > 65535) {
+            throw new JSONException("decimal overflow");
+        }
+
         return new BigInteger(strVal);
     }