json: lower maximum allowed recursion to 2K

author Lennart Poettering <lennart@poettering.net>

Mon, 20 Jan 2020 19:13:46 +0000 (20:13 +0100)

committer Frantisek Sumsal <frantisek@sumsal.cz>

Tue, 21 Jan 2020 09:50:09 +0000 (10:50 +0100)
author Lennart Poettering <lennart@poettering.net>
Mon, 20 Jan 2020 19:13:46 +0000 (20:13 +0100)
committer Frantisek Sumsal <frantisek@sumsal.cz>
Tue, 21 Jan 2020 09:50:09 +0000 (10:50 +0100)
diff --git a/src/shared/json.c b/src/shared/json.c

index 869aa279eeef008a0216272913ea5981327b16d4..e9ae88c7473ed323a0e9cc08a077e42e9a8762ae 100644 (file)
--- a/src/shared/json.c
+++ b/src/shared/json.c
@@ -26,11 +26,17 @@
  #include "user-util.h"
  #include "utf8.h"
  
-/* Refuse putting together variants with a larger depth than 4K by default (as a protection against overflowing stacks
+/* Refuse putting together variants with a larger depth than 2K by default (as a protection against overflowing stacks
   * if code processes JSON objects recursively. Note that we store the depth in an uint16_t, hence make sure this
   * remains under 2^16.
- * The value was 16k, but it was discovered to be too high on llvm/x86-64. See also the issue #10738. */
-#define DEPTH_MAX (4U*1024U)
+ *
+ * The value first was 16k, but it was discovered to be too high on llvm/x86-64. See also:
+ * https://github.com/systemd/systemd/issues/10738
+ *
+ * The value then was 4k, but it was discovered to be too high on s390x/aarch64. See also:
+ * https://github.com/systemd/systemd/issues/14396 */
+
+#define DEPTH_MAX (2U*1024U)
  assert_cc(DEPTH_MAX <= UINT16_MAX);
  
  typedef struct JsonSource {
author	Lennart Poettering <lennart@poettering.net>
	Mon, 20 Jan 2020 19:13:46 +0000 (20:13 +0100)
committer	Frantisek Sumsal <frantisek@sumsal.cz>
	Tue, 21 Jan 2020 09:50:09 +0000 (10:50 +0100)