Fix #3447

cowtowncoder · cowtowncoder · commit a1fa4ae4ecf5 · 2022-05-04T06:59:09.000-07:00
diff --git a/release-notes/CREDITS-2.x b/release-notes/CREDITS-2.x
@@ -1452,3 +1452,7 @@ Gary Morgan (morganga@github)
 Jan Judas (kostislav@github)
   * Contributed #3445: Do not strip generic type from `Class<C>` when resolving `JavaType`
   (2.14.0)
+
+Deniz Husaj (denizhusaj@github)
+  * Reported #3447: Deeply nested JsonNode throws StackOverflowError for toString()
+  (2.14.0)
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -19,6 +19,8 @@ Project: jackson-databind
   JSON `null` values on reading
 #3443: Do not strip generic type from `Class<C>` when resolving `JavaType`
  (contributed by Jan J)
+#3447: Deeply nested JsonNode throws StackOverflowError for toString()
+ (reported by Deniz H)
 #3476: Implement `JsonNodeFeature.WRITE_NULL_PROPERTIES` to allow skipping
   JSON `null` values on writing
 
diff --git a/src/main/java/com/fasterxml/jackson/databind/node/InternalNodeMapper.java b/src/main/java/com/fasterxml/jackson/databind/node/InternalNodeMapper.java
@@ -1,8 +1,10 @@
 package com.fasterxml.jackson.databind.node;
 
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.NoSuchElementException;
 
 import com.fasterxml.jackson.core.JsonGenerator;
 
@@ -92,31 +94,100 @@ public void serializeWithType(JsonGenerator g, SerializerProvider ctxt, TypeSeri
             serialize(g, ctxt);
         }
 
-    
         protected void _serializeNonRecursive(JsonGenerator g, JsonNode node) throws IOException
         {
             if (node instanceof ObjectNode) {
-                g.writeStartObject(this);
-                Iterator<Map.Entry<String, JsonNode>> it = node.fields();
-                while (it.hasNext()) {
-                    Map.Entry<String, JsonNode> en = it.next();
-                    JsonNode value = en.getValue();
-                    g.writeFieldName(en.getKey());
-                    value.serialize(g, _context);
-                }
-                g.writeEndObject();
+                g.writeStartObject(this, node.size());
+                _serializeNonRecursive(g, new IteratorStack(), node.fields());
             } else if (node instanceof ArrayNode) {
                 g.writeStartArray(this, node.size());
-                Iterator<JsonNode> it = node.elements();
-                while (it.hasNext()) {
-                    // For now, assuming it's either BaseJsonNode, JsonSerializable
-                    JsonNode value = it.next();
-                    value.serialize(g, _context);
-                }
-                g.writeEndArray();
+                _serializeNonRecursive(g, new IteratorStack(), node.elements());
             } else {
                 node.serialize(g, _context);
             }
         }
+
+        protected void _serializeNonRecursive(JsonGenerator g, IteratorStack stack,
+                final Iterator<?> rootIterator)
+            throws IOException
+        {
+            Iterator<?> currIt = rootIterator;
+            while (true) {
+                // First: any more elements from the current iterator?
+                while (currIt.hasNext()) {
+                    JsonNode value;
+
+                    // Otherwise we do have another Map or Array element to handle
+                    Object elem = currIt.next();
+                    if (elem instanceof Map.Entry<?,?>) {
+                        @SuppressWarnings("unchecked")
+                        Map.Entry<String, JsonNode> en = (Map.Entry<String, JsonNode>) elem;
+                        g.writeFieldName(en.getKey());
+                        value = en.getValue();
+                    } else {
+                        value = (JsonNode) elem;
+                    }
+                    if (value instanceof ObjectNode) {
+                        stack.push(currIt);
+                        currIt = value.fields();
+                        g.writeStartObject(value, value.size());
+                    } else if (value instanceof ArrayNode) {
+                        stack.push(currIt);
+                        currIt = value.elements();
+                        g.writeStartArray(value, value.size());
+                    } else {
+                        value.serialize(g, _context);
+                    }
+                }
+                if (g.getOutputContext().inArray()) {
+                    g.writeEndArray();
+                } else {
+                    g.writeEndObject();
+                }
+                currIt = stack.popOrNull();
+                if (currIt == null) {
+                    return;
+                }
+            }
+        }
+    }
+
+    /**
+     * Optimized variant similar in functionality to (a subset of)
+     * {@link java.util.ArrayDeque}; used to hold enclosing Array/Object
+     * nodes during recursion-as-iteration.
+     */
+    final static class IteratorStack
+    {
+        private Iterator<?>[] _stack;
+        private int _top, _end;
+
+        public IteratorStack() { }
+
+        public void push(Iterator<?> it)
+        {
+            if (_top < _end) {
+                _stack[_top++] = it; // lgtm [java/dereferenced-value-may-be-null]
+                return;
+            }
+            if (_stack == null) {
+                _end = 10;
+                _stack = new Iterator<?>[_end];
+            } else {
+                // grow by 50%, for most part
+                _end += Math.min(4000, Math.max(20, _end>>1));
+                _stack = Arrays.copyOf(_stack, _end);
+            }
+            _stack[_top++] = it;
+        }
+
+        public Iterator<?> popOrNull() {
+            if (_top == 0) {
+                return null;
+            }
+            // note: could clean up stack but due to usage pattern, should not make
+            // much difference since the whole stack is discarded after serialization done
+            return _stack[--_top];
+        }
     }
 }
diff --git a/src/test/java/com/fasterxml/jackson/databind/deser/dos/DeepJsonNodeSerTest.java b/src/test/java/com/fasterxml/jackson/databind/deser/dos/DeepJsonNodeSerTest.java
@@ -0,0 +1,31 @@
+package com.fasterxml.jackson.databind.deser.dos;
+
+import com.fasterxml.jackson.databind.BaseMapTest;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class DeepJsonNodeSerTest extends BaseMapTest
+{
+    private final ObjectMapper MAPPER = newJsonMapper();
+
+    public void testVeryDeepNodeSer() throws Exception
+    {
+        int depth = 9000;
+        StringBuilder jsonString = new StringBuilder();
+        jsonString.append("{");
+
+        for (int i=0; i < depth; i++) {
+          jsonString.append(String.format("\"abc%s\": {", i));
+        }
+
+        for (int i=0; i < depth; i++) {
+          jsonString.append("}");
+        }
+
+        jsonString.append("}");
+
+        JsonNode jsonNode = MAPPER.readTree(jsonString.toString());
+        String json = jsonNode.toString();
+        assertNotNull(json);
+    }
+}
