-rw-r--r-- | json-streamer.c | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/json-streamer.c b/json-streamer.c
index a6cb28f665..c255c7818f 100644
--- a/json-streamer.c
+++ b/json-streamer.c
@@ -56,29 +56,40 @@ static void json_message_process_token(JSONLexer *lexer, QString *token, JSONTok
 qlist_append(parser->tokens, dict);
- if (parser->brace_count < 0 ||
+ if (type == JSON_ERROR) {
+ goto out_emit_bad;
+ } else if (parser->brace_count < 0 ||
 parser->bracket_count < 0 || (parser->brace_count == 0 && parser->bracket_count == 0)) {
- parser->brace_count = 0;
- parser->bracket_count = 0;
- parser->emit(parser, parser->tokens);
- QDECREF(parser->tokens);
- parser->tokens = qlist_new();
- parser->token_size = 0;
+ goto out_emit;
 } else if (parser->token_size > MAX_TOKEN_SIZE || parser->bracket_count > MAX_NESTING || parser->brace_count > MAX_NESTING) {
 /* Security consideration, we limit total memory allocated per object * and the maximum recursion depth that a message can force. */
- parser->brace_count = 0;
- parser->bracket_count = 0;
- parser->emit(parser, parser->tokens);
+ goto out_emit;
+ }
+
+ return;
+
+out_emit_bad:
+ /* clear out token list and tell the parser to emit and error
+ * indication by passing it a NULL list
+ */
+ QDECREF(parser->tokens);
+ parser->tokens = NULL;
+out_emit:
+ /* send current list of tokens to parser and reset tokenizer */
+ parser->brace_count = 0;
+ parser->bracket_count = 0;
+ parser->emit(parser, parser->tokens);
+ if (parser->tokens) {
 QDECREF(parser->tokens);
- parser->tokens = qlist_new();
- parser->token_size = 0;
 }
+ parser->tokens = qlist_new();
+ parser->token_size = 0;
 }
 void json_message_parser_init(JSONMessageParser *parser, |
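Review bot: The size/nesting-limit branch (`parser->token_size > MAX_TOKEN_SIZE || ...`) still ends in `goto out_emit;`, so a message that trips the security limits has its truncated token list handed to `parser->emit` on the same path as a balanced, complete message. Now that the error label exists, that branch should read `goto out_emit_bad;` so the consumer receives the NULL error indication rather than a partial document cut at an arbitrary token. Separately, `out_emit_bad` calls `parser->emit(parser, NULL)`, so every registered emit callback has to tolerate a NULL list; those callbacks are outside this hunk and should be checked before merging. The new comment's "emit and error" should read "emit an error". json_message_process_token begins above the hunk, so the token accounting that precedes these branches is not visible here.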