From 9fcf1e79b7b7b17e5c2dc7e2b02ffc4f31ebfc0e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 1 Feb 2025 14:20:00 -0800
Subject: [PATCH 1/3] Bump the github-actions group with 4 updates (#1396)
---
 .github/workflows/cifuzz.yml | 2 +-
 .github/workflows/main.yml | 4 ++--
 .github/workflows/release.yml | 2 +-
 .github/workflows/scorecard.yml | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 2c62ea65cd..7d2f5bd009 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -27,7 +27,7 @@ jobs:
 dry-run: false
 language: jvm
 - name: Upload Crash
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 if: failure() && steps.build.outcome == 'success'
 with:
 name: artifacts
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a7594c35f5..c8653a5d6e 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -40,7 +40,7 @@ jobs:
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up JDK
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
 with:
 distribution: 'temurin'
 java-version: ${{ matrix.java_version }}
@@ -73,7 +73,7 @@ jobs:
 run: ./mvnw -B -q -ff -ntp test
 - name: Publish code coverage
 if: ${{ matrix.release_build && github.event_name != 'pull_request' }}
- uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
+ uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: ./target/site/jacoco/jacoco.xml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2cd0d1abab..faed425aae 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,7 +30,7 @@ jobs:
 [[ "$TAG" =~ jackson-core-[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)? ]] || exit 1
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up JDK
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
 with:
 distribution: "temurin"
 java-version: "8"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 1a7c914e64..044fa4981f 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -52,7 +52,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: SARIF file
 path: results.sarif
@@ -60,6 +60,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+ uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
 with:
 sarif_file: results.sarif
From 7e3c4088c9359f631c7150c2b6bc5e3bf842dfac Mon Sep 17 00:00:00 2001
From: PJ Fanning
Date: Wed, 5 Feb 2025 01:35:58 +0100
Subject: [PATCH 2/3] Changes post #4917: forcibly clear `_numberString` when new number token set (#1400)
---
 .../jackson/core/base/ParserBase.java | 3 +
 .../core/read/NumberParsing1397Test.java | 77 +++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 src/test/java/com/fasterxml/jackson/core/read/NumberParsing1397Test.java
diff --git a/src/main/java/com/fasterxml/jackson/core/base/ParserBase.java b/src/main/java/com/fasterxml/jackson/core/base/ParserBase.java
index 4b09c42e54..3b0aeaf25d 100644
--- a/src/main/java/com/fasterxml/jackson/core/base/ParserBase.java
+++ b/src/main/java/com/fasterxml/jackson/core/base/ParserBase.java
@@ -597,6 +597,7 @@ protected final JsonToken resetInt(boolean negative, int intLen)
 _fractLength = 0;
 _expLength = 0;
 _numTypesValid = NR_UNKNOWN; // to force decoding
+ _numberString = null;
 return JsonToken.VALUE_NUMBER_INT;
 }
@@ -611,6 +612,7 @@ protected final JsonToken resetFloat(boolean negative, int intLen, int fractLen,
 _fractLength = fractLen;
 _expLength = expLen;
 _numTypesValid = NR_UNKNOWN; // to force decoding
+ _numberString = null;
 return JsonToken.VALUE_NUMBER_FLOAT;
 }
@@ -621,6 +623,7 @@ protected final JsonToken resetAsNaN(String valueStr, double value)
 _numberDouble = value;
 _numTypesValid = NR_DOUBLE;
 _numberIsNaN = true;
+ _numberString = null;
 return JsonToken.VALUE_NUMBER_FLOAT;
 }
diff --git a/src/test/java/com/fasterxml/jackson/core/read/NumberParsing1397Test.java b/src/test/java/com/fasterxml/jackson/core/read/NumberParsing1397Test.java
new file mode 100644
index 0000000000..27a445f0f4
--- /dev/null
+++ b/src/test/java/com/fasterxml/jackson/core/read/NumberParsing1397Test.java
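Review bot: The added `_numberString = null;` in the resetInt hunk, and the identical lines in the resetFloat and resetAsNaN hunks, carry no comment, unlike the neighbouring `_numTypesValid = NR_UNKNOWN; // to force decoding`, so the reason the deferred text must be dropped is not recorded where a later refactor would see it. I would annotate each one, for example `_numberString = null; // [core#1397]: discard deferred text left by the previous number token`. Because the same reset is now repeated in three places, any other path that starts a new number token without going through these methods would presumably still leave the old string behind; it is worth confirming there is none, since stale state here means a caller is handed a value that was never in the input. All three method bodies begin outside their hunks.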
@@ -0,0 +1,77 @@ +package com.fasterxml.jackson.core.read; + +import com.fasterxml.jackson.core.JUnit5TestBase; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonToken; +import com.fasterxml.jackson.core.TokenStreamFactory; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +class NumberParsing1397Test extends JUnit5TestBase +{ + private TokenStreamFactory JSON_F = newStreamFactory(); + + final String radiusValue = "179769313486231570000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; + final String INPUT_JSON = a2q("{ 'results': [ { " + + "'radius': " + radiusValue + ", " + + "'type': 'center', " + + "'center': { " + + "'x': -11.0, " + + "'y': -2.0 } } ] }"); + + // [jackson-core#1397] + @Test + public void issue1397() throws Exception + { + for (int mode : ALL_MODES) { + testIssue(JSON_F, mode, INPUT_JSON, true); + testIssue(JSON_F, mode, INPUT_JSON, false); + } + } + + private void testIssue(final TokenStreamFactory jsonF, + final int mode, + final String json, + final boolean checkFirstNumValues) throws Exception + { + // checkFirstNumValues=false reproduces the issue in https://github.com/FasterXML/jackson-core/issues/1397 + try (JsonParser p = createParser(jsonF, mode, json)) { + assertToken(JsonToken.START_OBJECT, p.nextToken()); + assertToken(JsonToken.FIELD_NAME, p.nextToken()); + assertEquals("results", p.currentName()); + assertToken(JsonToken.START_ARRAY, p.nextToken()); + assertToken(JsonToken.START_OBJECT, p.nextToken()); + assertToken(JsonToken.FIELD_NAME, p.nextToken()); + assertEquals("radius", p.currentName()); + assertToken(JsonToken.VALUE_NUMBER_INT, p.nextToken()); + assertEquals(JsonParser.NumberType.BIG_INTEGER, 
p.getNumberType()); + assertEquals(radiusValue, p.getNumberValueDeferred()); + assertToken(JsonToken.FIELD_NAME, p.nextToken()); + assertEquals("type", p.currentName()); + assertToken(JsonToken.VALUE_STRING, p.nextToken()); + assertEquals("center", p.getText()); + assertToken(JsonToken.FIELD_NAME, p.nextToken()); + assertEquals("center", p.currentName()); + assertToken(JsonToken.START_OBJECT, p.nextToken()); + assertToken(JsonToken.FIELD_NAME, p.nextToken()); + assertEquals("x", p.currentName()); + assertToken(JsonToken.VALUE_NUMBER_FLOAT, p.nextToken()); + if (checkFirstNumValues) { + assertEquals(JsonParser.NumberType.DOUBLE, p.getNumberType()); + assertEquals(Double.valueOf(-11.0d), p.getNumberValueDeferred()); + } + assertEquals(Double.valueOf(-11.0d), p.getDoubleValue()); + assertToken(JsonToken.FIELD_NAME, p.nextToken()); + assertEquals("y", p.currentName()); + assertToken(JsonToken.VALUE_NUMBER_FLOAT, p.nextToken()); + assertEquals(JsonParser.NumberType.DOUBLE, p.getNumberType()); + assertEquals(Double.valueOf(-2.0d), p.getNumberValueDeferred()); + assertEquals(Double.valueOf(-2.0d), p.getDoubleValue()); + assertToken(JsonToken.END_OBJECT, p.nextToken()); + assertToken(JsonToken.END_OBJECT, p.nextToken()); + assertToken(JsonToken.END_ARRAY, p.nextToken()); + assertToken(JsonToken.END_OBJECT, p.nextToken()); + } + } +} From 58889b00da947f6bd9c2cdbdc8797b2a11a97a8a Mon Sep 17 00:00:00 2001 From: Tatu Saloranta Date: Tue, 4 Feb 2025 16:39:00 -0800 Subject: [PATCH 3/3] Update release notes wrt #1397 --- release-notes/VERSION-2.x | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x index ec4d6b89f6..e2296f6eea 100644 --- a/release-notes/VERSION-2.x +++ b/release-notes/VERSION-2.x 
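Review bot: The new test in NumberParsing1397Test only reaches the `resetFloat` change, because the two numbers that follow the deferred BIG_INTEGER `radius` are both floats (`-11.0` and `-2.0`); the clearing added to `resetInt` and `resetAsNaN` in the same commit is not exercised. Adding a plain integer member after `radius` with an assertion on `JsonParser.NumberType.INT` and its value, plus a separate case that produces a NaN token, would cover the other two paths. On style, `private TokenStreamFactory JSON_F = newStreamFactory();` is named like a constant but is a mutable instance field; `private final TokenStreamFactory JSON_F = newStreamFactory();` would match the `final` fields declared next to it.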
@@ -19,6 +19,10 @@ a pure JSON library. #1391: Fix issue where the parser can read back old number state when parsing later numbers (fix contributed by @pjfanning) +#1397: Jackson changes additional values to infinite in case of special + JSON structures and existing infinite values + (reported by @Rodenstock) + (fix contributed by @pjfanning) 2.17.3 (01-Nov-2024)