Description
gson Version: 2.7
Operating System: Ubuntu 16.04.4 LTS, macOS High Sierra (version 10.13.5)
Machine: single machine (laptop)
Junit version: 4.12
Steps to reproduce
Please run the attached test suite for the class com.google.gson.JsonPrimitive.
Context:
The tests I provided come from a static analysis prototype I have been working on as part of a research project. The tool analyses a specified dependency of a project to identify risky API calls which may potentially lead to runtime exceptions. Runtime exceptions may occur either because 1) an API is lacking sufficient documentation, or 2) usage of the API does not conform to the specification, or 3) an API wrapper does not indicate the API specification as part of its own specification. The prototype then automatically generates test cases which show how such exceptions may be triggered.
I have been evaluating the tool on various open source projects. In the case of Gson-2.7, JDK API calls are analyzed. Each provided test case triggers a unique crash due to how data are forwarded to the JDK APIs (e.g. Short.parseShort(...)).
Possible fixes
Before calling the JDK APIs, there should be some checks on the forwarded values.
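The following is an added example, not code from the issue author or from the Gson project, illustrating the failure mode the report describes and one defensive check a caller can apply. It assumes Gson 2.7's public API: `new JsonPrimitive(String)`, `isNumber()`, `getAsNumber()`, `getAsString()` and `getAsShort()`, which forwards a string-backed primitive to `Short.parseShort(...)` without validating it. The helper `safeGetAsShort` and the sample values are constructed for this example.

```java
import com.google.gson.JsonPrimitive;
import java.util.Optional;
import java.util.regex.Pattern;

public class SafeShortExample {

    // Optional sign followed by digits only; anything else is rejected before
    // it reaches the JDK parser. Hypothetical validation policy for this example.
    private static final Pattern INTEGER_LITERAL = Pattern.compile("-?\\d+");

    /**
     * Converts a JsonPrimitive to a short without letting a malformed or
     * out-of-range value surface as an unchecked NumberFormatException.
     * Returns Optional.empty() when the value cannot be represented.
     */
    static Optional<Short> safeGetAsShort(JsonPrimitive p) {
        if (p.isNumber()) {
            // Backed by a real Number (Integer, Double, ...): no parsing needed,
            // but still enforce the 16-bit range before narrowing.
            long v = p.getAsNumber().longValue();
            if (v < Short.MIN_VALUE || v > Short.MAX_VALUE) {
                return Optional.empty();
            }
            return Optional.of((short) v);
        }
        // String (or boolean) backed primitive: validate the text first.
        String s = p.getAsString();
        if (!INTEGER_LITERAL.matcher(s).matches()) {
            return Optional.empty();
        }
        try {
            // Well-formed digits can still overflow (e.g. "99999"), which
            // Short.parseShort also reports as NumberFormatException.
            return Optional.of(Short.parseShort(s));
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the first two are the crash cases the
        // report describes, the last two are valid.
        JsonPrimitive[] samples = {
            new JsonPrimitive("not-a-number"),
            new JsonPrimitive("99999"),
            new JsonPrimitive("-123"),
            new JsonPrimitive(42)
        };

        for (JsonPrimitive p : samples) {
            // Unchecked path: this is what the generated tests exercise.
            String raw;
            try {
                raw = String.valueOf(p.getAsShort());
            } catch (NumberFormatException e) {
                raw = "NumberFormatException";
            }
            // Checked path: same input, no exception escapes.
            String safe = safeGetAsShort(p).map(String::valueOf).orElse("rejected");
            System.out.println(p + " -> getAsShort(): " + raw + " | safeGetAsShort(): " + safe);
        }
    }
}
```

The unchecked path shows why an input taken from untrusted JSON can crash a caller that assumed `getAsShort()` would either return a value or signal an error through Gson's own exception types; the checked path demonstrates the kind of validation the report asks for, applied before the value is forwarded to the JDK API.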