diff options
| author | fanquake <fanquake@gmail.com> | 2020-02-10 19:40:00 +0800 |
|---|---|---|
| committer | fanquake <fanquake@gmail.com> | 2020-02-10 19:57:35 +0800 |
| commit | 657c5e5f1cd92169b5a3c880f01376b7ed0fd9b3 (patch) | |
| tree | b4f23f7b90f3bfa29f453a148758e74d97347427 /src/univalue/lib/univalue_read.cpp | |
| parent | 9e77726fb7371022862449ab35f3d7f7eac223eb (diff) | |
| parent | fad9ea8fdb0a7269a3fcc472fd948669d74f7aa7 (diff) | |
Merge #18099: Update univalue subtree
97aa5740c0e9ef433cbedafe689b641297b50f5e Squashed 'src/univalue/' changes from 5a58a46671..98261b1e7b (MarcoFalke)
Pull request description:
Closes #17742
ACKs for top commit:
fanquake:
ACK fad9ea8fdb0a7269a3fcc472fd948669d74f7aa7
Tree-SHA512: 6316cb0e974ee6575e2a98930203dc7d155b346d2d2fe5a322e3d8b77a87d378d31fde16ea2f90ff93736429ddb89799a26945de13ce4a20132550bbcec0a48e
Diffstat (limited to 'src/univalue/lib/univalue_read.cpp')
| -rw-r--r-- | src/univalue/lib/univalue_read.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/univalue/lib/univalue_read.cpp b/src/univalue/lib/univalue_read.cpp index 14834db24d..5c6a1acf75 100644 --- a/src/univalue/lib/univalue_read.cpp +++ b/src/univalue/lib/univalue_read.cpp @@ -8,6 +8,14 @@ #include "univalue.h" #include "univalue_utffilter.h" +/* + * According to stackexchange, the original json test suite wanted + * to limit depth to 22. Widely-deployed PHP bails at depth 512, + * so we will follow PHP's lead, which should be more than sufficient + * (further stackexchange comments indicate depth > 32 rarely occurs). + */ +static const size_t MAX_JSON_DEPTH = 512; + static bool json_isdigit(int ch) { return ((ch >= '0') && (ch <= '9')); @@ -323,6 +331,9 @@ bool UniValue::read(const char *raw, size_t size) stack.push_back(newTop); } + if (stack.size() > MAX_JSON_DEPTH) + return false; + if (utyp == VOBJ) setExpect(OBJ_NAME); else |