error parsing large json object dumps out entire json string as exception message

Description

https://github.com/lucee/Lucee/blob/5.3/core/src/main/java/lucee/runtime/interpreter/CFMLExpressionInterpreter.java

this behaves differently, sometimes OOM, other times it throws a syntax error which then logs out the entire json string as the exception message.

this json sample is 24mb, it should never be all logged out. the exception message should be always be short and understandable.

it's three times worse, coz the message gets logged out three times

also, I think the memory isn't being released as the exception is kept in memory with debugging enabled

also when this runs successfully, the DeserializeJson timer output doesn't work either?

Environment

None

Activity

Show:
Pothys - MitrahSoft
April 1, 2020, 1:53 PM

I've checked this ticket and confirmed the issue happened on lucee latest version 5.3.6.36 SNAPSHOT also. Yeah, the exception message shows full 24mb JSON data and also it created an exception.log.1.bak file having a size of almost 80mb at every time run the file.

Zac Spitzer
April 1, 2020, 2:56 PM

Potentially sensitive info should only be in the error detail

Pothys - MitrahSoft
April 2, 2020, 6:40 AM

Added a fix for this ticket.

Pull Request: https://github.com/lucee/Lucee/pull/912

Zac Spitzer
April 2, 2020, 7:16 AM
Edited

can you move the cfml snippet
to the exception detail?

i.e

becomes

otherwise sensitive information may be exposed

Pothys - MitrahSoft
April 2, 2020, 7:39 AM

, Moved the CFML snippet to exception detail.

Assignee

Michael Offner

Reporter

Zac Spitzer

Priority

New

Labels

Fix versions

None

Affects versions

Configure