[java] Tighten JSON number lexer to match RFC 8259#17739
Conversation
The previous nextNumber() collected any subset of '- + 0-9 . e E' and then handed the string to Long.valueOf or BigDecimal. That accepted several spec-invalid forms: '+5' (leading plus), '01' (leading zero), '.5' (no digit before decimal), '5.' (no digit after decimal), '1e' (exponent without digits), '-' alone. Very large exponents also silently produced Double.POSITIVE_INFINITY, for which JSON has no representation. Replace the collector with a proper state machine that follows the grammar 'number = [minus] int [frac] [exp]', and reject non-finite doubles. Also drop '+' from the peek() classifier so it no longer claims to see a JSON number.
53d5bf5 to
ee9fa0c
Compare
PR Summary by QodoTighten JsonInput number lexing to RFC 8259 grammar and reject non-finite doubles
AI Description
Diagram
High-Level Assessment
Files changed (2)
|
Code Review by Qodo
Context used✅ Compliance rules (platform):
18 rules 1.
|
Casting Input.peek() to (char) turned end-of-input (-1) into U+FFFF, which is misleading now that U+FFFF is treated as a legitimate string character. Route the three sites in nextNumber() through a small helper that renders EOF as <EOF> and printable code units in quotes.
|
Code review by qodo was updated up to the latest commit e1f3ed2 |
nextNumber()collected any of- + 0-9 . e Eand handed the string toLong.valueOf/BigDecimal. It accepted several spec-invalid forms:+5(leading plus)01,007(leading zeros).5(no digit before decimal)5.(no digit after decimal)1e,-(sign / exponent without digits)Very large exponents (
1e9999) also silently producedDouble.POSITIVE_INFINITY, which JSON cannot represent.We now:
number = [minus] int [frac] [exp](RFC 8259 §6).doublevalues with a clear message.+frompeek()'s NUMBER classifier — it never was a valid JSON number start.