diff options
author | Markus Armbruster <armbru@redhat.com> | 2015-11-25 22:23:23 +0100 |
---|---|---|
committer | Markus Armbruster <armbru@redhat.com> | 2015-11-26 09:18:04 +0100 |
commit | 0753113a26bb8c77f951b1ea91fd4f36d099c37a (patch) | |
tree | 3b487f57d8f3fb14e322154efb89bd57bc4fca67 /slirp/ip_icmp.c | |
parent | 4f2d31fbc0bfdf41feea7d1be49f4f7ffa005534 (diff) |
qjson: Don't crash when input exceeds nesting limit
We limit nesting depth and input size to defend against input
triggering excessive heap or stack memory use (commit 29c75dd
json-streamer: limit the maximum recursion depth and maximum token
count). However, when the nesting limit is exceeded,
parser_context_peek_token()'s assertion fails.
Broken in commit 65c0f1e "json-parser: don't replicate tokens at each
level of recursion".
To reproduce stuff 1025 open braces or brackets into QMP.
Fix by taking the error exit instead of the normal one.
Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-3-git-send-email-armbru@redhat.com>
Diffstat (limited to 'slirp/ip_icmp.c')
0 files changed, 0 insertions, 0 deletions