Further checking for SmileGenerator.writeNumber(String) to avoid pr…

…oblems
FasterXML · Dec 16, 2023 · db12a65 · db12a65
1 parent 1d1ccb0
commit db12a65
Showing 1 changed file with 31 additions and 7 deletions.
diff --git a/smile/src/main/java/com/fasterxml/jackson/dataformat/smile/SmileGenerator.java b/smile/src/main/java/com/fasterxml/jackson/dataformat/smile/SmileGenerator.java
@@ -1789,6 +1789,8 @@ public void writeNumber(String encodedValue) throws IOException
     protected void _writeIntegralNumber(String enc, boolean neg) throws IOException
     {
         int len = enc.length();
+        // 16-Dec-2023, tatu: Guard against too-big numbers
+        _streamReadConstraints().validateIntegerLength(len);
         if (neg) {
             --len;
         }
@@ -1806,18 +1808,23 @@ protected void _writeIntegralNumber(String enc, boolean neg) throws IOException
             }
             return;
         } catch (NumberFormatException e) { }
-        throw new JsonGenerationException("Invalid String representation for Number ('"+enc
-                +"'); can not write using Smile format", this);
+        _reportError("Invalid String representation for Number ('"+enc
+                +"'); can not write using Smile format");
     }
 
     protected void _writeDecimalNumber(String enc) throws IOException
     {
-        try {
-            writeNumber(NumberInput.parseBigDecimal(enc, false));
-        } catch (NumberFormatException e) {
-            throw new JsonGenerationException("Invalid String representation for Number ('"+enc
-                    +"'); can not write using Smile format", this);
+        // 16-Dec-2023, tatu: Guard against too-big numbers
+        _streamReadConstraints().validateFPLength(enc.length());
+        // ... and check basic validity too
+        if (NumberInput.looksLikeValidNumber(enc)) {
+            try {
+                writeNumber(NumberInput.parseBigDecimal(enc, false));
+                return;
+            } catch (NumberFormatException e) { }
         }
+        _reportError("Invalid String representation for Number ('"+enc
+                +"'); can not write using Smile format");
     }
 
     /*
@@ -2763,4 +2770,21 @@ protected long outputOffset() {
     protected UnsupportedOperationException _notSupported() {
         return new UnsupportedOperationException();
     }
+
+    /*
+    /**********************************************************
+    /* Internal methods, misc other
+    /**********************************************************
+     */
+
+    /**
+     * We need access to some reader-side constraints for safety-check within
+     * number decoding for {@linl #writeNumber(String)}: for now we need to
+     * rely on global defaults; should be ok for basic safeguarding.
+     *
+     * @since 2.17
+     */
+    protected StreamReadConstraints _streamReadConstraints() {
+        return StreamReadConstraints.defaults();
+    }
 }