Skip to content

Commit f3793ae

Browse files
baylesjbaylesj
authored
Merge branch 'master' into version-header
2 parents be0575e + 715735a commit f3793ae

2 files changed

Lines changed: 14 additions & 4 deletions

File tree

src/lib_json/json_reader.cpp

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@
3939
// Define JSONCPP_DEPRECATED_STACK_LIMIT as an appropriate integer at compile
4040
// time to change the stack limit
4141
#if !defined(JSONCPP_DEPRECATED_STACK_LIMIT)
42-
#define JSONCPP_DEPRECATED_STACK_LIMIT 1000
42+
#define JSONCPP_DEPRECATED_STACK_LIMIT 256
4343
#endif
4444

4545
static size_t const stackLimit_g =
@@ -1932,7 +1932,7 @@ void CharReaderBuilder::strictMode(Json::Value* settings) {
19321932
(*settings)["allowDroppedNullPlaceholders"] = false;
19331933
(*settings)["allowNumericKeys"] = false;
19341934
(*settings)["allowSingleQuotes"] = false;
1935-
(*settings)["stackLimit"] = 1000;
1935+
(*settings)["stackLimit"] = 256;
19361936
(*settings)["failIfExtra"] = true;
19371937
(*settings)["rejectDupKeys"] = true;
19381938
(*settings)["allowSpecialFloats"] = false;
@@ -1949,7 +1949,7 @@ void CharReaderBuilder::setDefaults(Json::Value* settings) {
19491949
(*settings)["allowDroppedNullPlaceholders"] = false;
19501950
(*settings)["allowNumericKeys"] = false;
19511951
(*settings)["allowSingleQuotes"] = false;
1952-
(*settings)["stackLimit"] = 1000;
1952+
(*settings)["stackLimit"] = 256;
19531953
(*settings)["failIfExtra"] = false;
19541954
(*settings)["rejectDupKeys"] = false;
19551955
(*settings)["allowSpecialFloats"] = false;
@@ -1965,7 +1965,7 @@ void CharReaderBuilder::ecma404Mode(Json::Value* settings) {
19651965
(*settings)["allowDroppedNullPlaceholders"] = false;
19661966
(*settings)["allowNumericKeys"] = false;
19671967
(*settings)["allowSingleQuotes"] = false;
1968-
(*settings)["stackLimit"] = 1000;
1968+
(*settings)["stackLimit"] = 256;
19691969
(*settings)["failIfExtra"] = true;
19701970
(*settings)["rejectDupKeys"] = false;
19711971
(*settings)["allowSpecialFloats"] = false;

src/test_lib_json/main.cpp

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3355,6 +3355,16 @@ JSONTEST_FIXTURE_LOCAL(CharReaderTest, parseWithStackLimit) {
33553355
JSONTEST_ASSERT_THROWS(
33563356
reader->parse(doc, doc + std::strlen(doc), &root, &errs));
33573357
}
3358+
// Default stack limit should reject deeply nested input (regression test for
3359+
// stack exhaustion from fuzz input like [[[[...]]]])
3360+
{
3361+
Json::CharReaderBuilder defaultBuilder;
3362+
Json::String nested(300, '[');
3363+
CharReaderPtr reader(defaultBuilder.newCharReader());
3364+
Json::String errs;
3365+
JSONTEST_ASSERT_THROWS(reader->parse(
3366+
nested.data(), nested.data() + nested.size(), &root, &errs));
3367+
}
33583368

33593369
#endif // JSON_USE_EXCEPTION
33603370
}

0 commit comments

Comments
 (0)