New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: encoding/json: Unmarshal overflowing numbers into math/big types #24502
Comments
The go/src/encoding/json/decode.go Lines 869 to 876 in 50921bf
before it even gets to the switch you pointed to. |
Edit: Nevermind. |
@dsnet Yup, I'm aware of that, which I acknowledge in the addendum to my proposal. |
When you say dynamic runtime, you mean something like this? var m map[string]interface{}
json.Unmarshal([]byte(`{"k1": "string", "k2": null, "k3": 1234, "k4": 12345678901234567890}`), &m)
fmt.Printf("%T\n", m["k3"])
fmt.Printf("%T\n", m["k4"]) // you expect to see *big.Int? |
@dsnet Yup! I actually found a workaround for my particular use-case, but I made this issue to probe interest in enabling exactly the code you've written. |
I'm slightly against this, since JSON in practice has to interact with the least common denominator of all the JSON in the ecosystem, and JavaScript can't even handle 64-bit integers, so I can't imagine there's many JSON documents in the world with a JSON number with so many digits that it'd overflow int64 or uint64 (the latter of which Java doesn't have either). I could be convinced if you somebody presented actual uses cases of JSON in the wild with such huge and unquoted number literals, and pointed out how other JSON parsers transparently deal with it. |
No one will expect *big.Int in the interface. It sounds like in your program you should be using json.Decoder.UseNumber. |
When unmarshaling JSON, an overflowing number is treated as if there was an error parsing the number:
go/src/encoding/json/decode.go
Lines 1035 to 1040 in 50921bf
Instead, an additional branch could added that attempts to unmarshal the number into a big.Int or big.Float.
I understand this could be contentious because RFC7159 recommends setting some limits to size of numbers in JSON, but strictly speaking there isn't one.
I'm personally running into this when trying to encode/decode cryptographic keys. I know that I could avoid this by declaring the type that I want to unmarshal, but I'm attempting to maintain run-time dynamic types for different types of keys.
The text was updated successfully, but these errors were encountered: