反序列化时,对字符串中的反斜杠 \ 判定为后一个字符的转义,从而反序列化出错
测试代码如下
char a = 0x5c;
HashMap<Object, Object> hashMap = new HashMap<>();
hashMap.put("1",a);
String string = JSON.toJSONString(hashMap);
System.out.println(string);
JSON.parse(string);输出结果和报错信息如下
{"1":"\"}
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 9
at com.alibaba.fastjson2.JSONReaderUTF16.readString(JSONReaderUTF16.java:1211)
at com.alibaba.fastjson2.reader.ObjectReaderImplMap.readObject(ObjectReaderImplMap.java:390)
at com.alibaba.fastjson2.reader.ObjectReaderImplObject.readObject(ObjectReaderImplObject.java:21)
at com.alibaba.fastjson2.JSON.parse(JSON.java:22)
at com.bitterz.test.main(test.java:35)
hashmap中放入其它键值对时报错不同
ArrayList<Object> list = new ArrayList<>();
list.add("123");
list.add("123");
char a = 0x5c;
HashMap<Object, Object> hashMap = new HashMap<>();
hashMap.put("1",a);
hashMap.put(list, 1);
String string = JSON.toJSONString(hashMap);
System.out.println(string);
JSON.parse(string);输出结果和报错内容如下
{"1":"\","[123, 123]":1}
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 24
at com.alibaba.fastjson2.JSONReaderUTF16.readFieldName(JSONReaderUTF16.java:510)
at com.alibaba.fastjson2.reader.ObjectReaderImplMap.readObject(ObjectReaderImplMap.java:352)
at com.alibaba.fastjson2.reader.ObjectReaderImplObject.readObject(ObjectReaderImplObject.java:21)
at com.alibaba.fastjson2.JSON.parse(JSON.java:22)
at com.bitterz.test.main(test.java:25)
反序列化时,对字符串中的反斜杠 \ 判定为后一个字符的转义,从而反序列化出错
测试代码如下
输出结果和报错信息如下
hashmap中放入其它键值对时报错不同
输出结果和报错内容如下