fix: Avoid stack overflow when deserializing large flat JSON objects (getsentry#5361)

denrase · buenaflor · web-flow · commit 83a416d1cfa8 · 2026-05-06T10:50:23.000+02:00
* fix: Avoid stack overflow when deserializing large flat JSON objects Replace JsonObjectDeserializer's recursive token parsing with an iterative loop. The parser already tracks state explicitly, so recursion was only used to advance to the next JSON token and could overflow on large flat maps. Relates to getsentry/sentry-dart#3668 * use larger module count vm might not respect stack size, so increase the frame count (with smaller payload) to make test more robust * add cl entries * fix cl entry * Update CHANGELOG.md --------- Co-authored-by: Giancarlo Buenaflor <giancarlo_buenaflor@yahoo.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -35,6 +35,10 @@
   - [changelog](https://github.com/gradle/gradle/blob/master/CHANGELOG.md#v950)
   - [diff](https://github.com/gradle/gradle/compare/v9.4.1...v9.5.0)
 
+### Fixes
+
+- Avoid stack overflow when deserializing large flat JSON objects ([#5361](https://github.com/getsentry/sentry-java/pull/5361))
+
 ## 8.40.0
 
 ### Fixes
diff --git a/sentry/src/main/java/io/sentry/JsonObjectDeserializer.java b/sentry/src/main/java/io/sentry/JsonObjectDeserializer.java
@@ -82,49 +82,48 @@ private static final class TokenMap implements Token {
 
   private void parse(@NotNull JsonObjectReader reader) throws IOException {
     boolean done = false;
-    switch (reader.peek()) {
-      case BEGIN_ARRAY:
-        reader.beginArray();
-        pushCurrentToken(new TokenArray());
-        break;
-      case END_ARRAY:
-        reader.endArray();
-        done = handleArrayOrMapEnd();
-        break;
-      case BEGIN_OBJECT:
-        reader.beginObject();
-        pushCurrentToken(new TokenMap());
-        break;
-      case END_OBJECT:
-        reader.endObject();
-        done = handleArrayOrMapEnd();
-        break;
-      case NAME:
-        pushCurrentToken(new TokenName(reader.nextName()));
-        break;
-      case STRING:
-        // avoid method refs on Android due to some issues with older AGP setups
-        // noinspection Convert2MethodRef
-        done = handlePrimitive(() -> reader.nextString());
-        break;
-      case NUMBER:
-        done = handlePrimitive(() -> nextNumber(reader));
-        break;
-      case BOOLEAN:
-        // avoid method refs on Android due to some issues with older AGP setups
-        // noinspection Convert2MethodRef
-        done = handlePrimitive(() -> reader.nextBoolean());
-        break;
-      case NULL:
-        reader.nextNull();
-        done = handlePrimitive(() -> null);
-        break;
-      case END_DOCUMENT:
-        done = true;
-        break;
-    }
-    if (!done) {
-      parse(reader);
+    while (!done) {
+      switch (reader.peek()) {
+        case BEGIN_ARRAY:
+          reader.beginArray();
+          pushCurrentToken(new TokenArray());
+          break;
+        case END_ARRAY:
+          reader.endArray();
+          done = handleArrayOrMapEnd();
+          break;
+        case BEGIN_OBJECT:
+          reader.beginObject();
+          pushCurrentToken(new TokenMap());
+          break;
+        case END_OBJECT:
+          reader.endObject();
+          done = handleArrayOrMapEnd();
+          break;
+        case NAME:
+          pushCurrentToken(new TokenName(reader.nextName()));
+          break;
+        case STRING:
+          // avoid method refs on Android due to some issues with older AGP setups
+          // noinspection Convert2MethodRef
+          done = handlePrimitive(() -> reader.nextString());
+          break;
+        case NUMBER:
+          done = handlePrimitive(() -> nextNumber(reader));
+          break;
+        case BOOLEAN:
+          // avoid method refs on Android due to some issues with older AGP setups
+          // noinspection Convert2MethodRef
+          done = handlePrimitive(() -> reader.nextBoolean());
+          break;
+        case NULL:
+          reader.nextNull();
+          done = handlePrimitive(() -> null);
+          break;
+        case END_DOCUMENT:
+          done = true;
+          break;
+      }
     }
   }
 
diff --git a/sentry/src/test/java/io/sentry/SentryEventTest.kt b/sentry/src/test/java/io/sentry/SentryEventTest.kt
@@ -3,9 +3,11 @@ package io.sentry
 import io.sentry.exception.ExceptionMechanismException
 import io.sentry.protocol.Mechanism
 import io.sentry.protocol.SentryId
+import java.io.StringReader
 import java.time.Instant
 import java.time.temporal.ChronoUnit
 import java.util.Collections
+import java.util.concurrent.atomic.AtomicReference
 import kotlin.test.Test
 import kotlin.test.assertEquals
 import kotlin.test.assertFalse
@@ -174,6 +176,48 @@ class SentryEventTest {
     }
   }
 
+  @Test
+  fun `deserializes event with large flat modules map on a small stack`() {
+    val moduleCount = 50000
+    val json = buildString {
+      append("{\"event_id\":\"00000000000000000000000000000000\",\"modules\":{")
+      repeat(moduleCount) {
+        if (it > 0) {
+          append(',')
+        }
+        append("\"m")
+        append(it)
+        append("\":\"v\"")
+      }
+      append("}}")
+    }
+
+    val error = AtomicReference<Throwable?>()
+    val event = AtomicReference<SentryEvent?>()
+    val thread =
+      Thread(
+        null,
+        Runnable {
+          try {
+            event.set(
+              JsonSerializer(SentryOptions())
+                .deserialize(StringReader(json), SentryEvent::class.java)
+            )
+          } catch (throwable: Throwable) {
+            error.set(throwable)
+          }
+        },
+        "large-flat-modules-repro",
+        1024L * 1024L,
+      )
+
+    thread.start()
+    thread.join()
+
+    assertNull(error.get())
+    assertEquals(moduleCount, event.get()?.modules?.size)
+  }
+
   @Test
   fun `null tag does not cause NPE`() {
     val event = SentryEvent()
