修复JSONUtil.parse()溢出问题

hutool-json/src/main/java/cn/hutool/json/JSONArray.java

@@ -3,6 +3,7 @@ package cn.hutool.json;
 import cn.hutool.core.bean.BeanPath;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.lang.Filter;
+import cn.hutool.core.lang.Validator;
 import cn.hutool.core.lang.mutable.Mutable;
 import cn.hutool.core.lang.mutable.MutableObj;
 import cn.hutool.core.lang.mutable.MutablePair;
@@ -457,10 +458,8 @@ public class JSONArray implements JSON, JSONGetter<Integer>, List<Object>, Rando
 			InternalJSONUtil.testValidity(element);
 			this.rawList.add(index, JSONUtil.wrap(element, this.config));
 		} else {
-			// issue#3286, 增加安全检查，最多增加2倍
-			if(index > (this.size() + 1) * 2) {
-				throw new JSONException("Index is too large:", index);
-			}
+			// issue#3286, 增加安全检查，最多增加10倍
+			Validator.checkIndexLimit(index, this.size());
 			while (index != this.size()) {
 				this.add(JSONNull.NULL);
 			}

hutool-json/src/main/java/cn/hutool/json/JSONParser.java

@@ -1,5 +1,6 @@
 package cn.hutool.json;
 
+import cn.hutool.core.lang.Console;
 import cn.hutool.core.lang.Filter;
 import cn.hutool.core.lang.mutable.Mutable;
 import cn.hutool.core.lang.mutable.MutablePair;
@@ -66,7 +67,7 @@ public class JSONParser {
 					}
 				default:
 					tokener.back();
-					key = tokener.nextValue().toString();
+					key = tokener.nextStringValue();
 			}
 
 			// The key is followed by ':'.

hutool-json/src/main/java/cn/hutool/json/JSONTokener.java

@@ -322,6 +322,43 @@ public class JSONTokener {
 		}
 	}
 
+	/**
+	 * 获取下一个String格式的值，用户获取key
+	 * @return String格式的值
+	 * @since 5.8.22
+	 */
+	public String nextStringValue(){
+		char c = this.nextClean();
+
+		switch (c) {
+			case '"':
+			case '\'':
+				return this.nextString(c);
+			case '{':
+			case '[':
+				throw this.syntaxError("Sting value must be not begin with a '{' or '['");
+		}
+
+		/*
+		 * Handle unquoted text. This could be the values true, false, or null, or it can be a number.
+		 * An implementation (such as this one) is allowed to also accept non-standard forms. Accumulate
+		 * characters until we reach the end of the text or a formatting character.
+		 */
+
+		final StringBuilder sb = new StringBuilder();
+		while (c >= ' ' && ",:]}/\\\"[{;=#".indexOf(c) < 0) {
+			sb.append(c);
+			c = this.next();
+		}
+		this.back();
+
+		final String string = sb.toString().trim();
+		if (string.isEmpty()) {
+			throw this.syntaxError("Missing value");
+		}
+		return string;
+	}
+
 	/**
 	 * 获得下一个值，值类型可以是Boolean, Double, Integer, JSONArray, JSONObject, Long, or String, or the JSONObject.NULL
 	 *
@@ -366,7 +403,7 @@ public class JSONTokener {
 		this.back();
 
 		string = sb.toString().trim();
-		if (0 == string.length()) {
+		if (string.isEmpty()) {
 			throw this.syntaxError("Missing value");
 		}
 		return InternalJSONUtil.stringToValue(string);

hutool-json/src/test/java/cn/hutool/json/Issue3289Test.java

@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2023 looly(loolly@aliyun.com)
+ * Hutool is licensed under Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+ * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+ * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+package cn.hutool.json;
+
+import org.junit.Test;
+
+public class Issue3289Test {
+	@Test(expected = JSONException.class)
+	public void parseTest() {
+		final String s = "{\"a\":1,[6E962756779]}";
+		JSONUtil.parse(s);
+	}
+}