** but the definitions need to be repeated for separate compilation. */
typedef sqlite3_uint64 u64;
typedef unsigned int u32;
+ typedef unsigned short int u16;
typedef unsigned char u8;
#endif
u32 *aUp; /* Index of parent of each node */
u8 oom; /* Set to true if out of memory */
u8 nErr; /* Number of errors seen */
+ u16 iDepth; /* Nesting depth */
};
+/*
+** Maximum nesting depth of JSON for this implementation.
+**
+** This limit is needed to avoid a stack overflow in the recursive
+** descent parser. A depth of 2000 is far deeper than any sane JSON
+** should go.
+*/
+#define JSON_MAX_DEPTH 2000
+
/**************************************************************************
** Utility routines for dealing with JsonString objects
**************************************************************************/
if( iThis<0 ) return -1;
for(j=i+1;;j++){
while( safe_isspace(z[j]) ){ j++; }
+ if( ++pParse->iDepth > JSON_MAX_DEPTH ) return -1;
x = jsonParseValue(pParse, j);
if( x<0 ){
+ pParse->iDepth--;
if( x==(-2) && pParse->nNode==(u32)iThis+1 ) return j+1;
return -1;
}
if( z[j]!=':' ) return -1;
j++;
x = jsonParseValue(pParse, j);
+ pParse->iDepth--;
if( x<0 ) return -1;
j = x;
while( safe_isspace(z[j]) ){ j++; }
if( iThis<0 ) return -1;
for(j=i+1;;j++){
while( safe_isspace(z[j]) ){ j++; }
+ if( ++pParse->iDepth > JSON_MAX_DEPTH ) return -1;
x = jsonParseValue(pParse, j);
+ pParse->iDepth--;
if( x<0 ){
if( x==(-3) && pParse->nNode==(u32)iThis+1 ) return j+1;
return -1;
i = jsonParseValue(pParse, 0);
if( pParse->oom ) i = -1;
if( i>0 ){
+ assert( pParse->iDepth==0 );
while( safe_isspace(zJson[i]) ) i++;
if( zJson[i] ) i = -1;
}
-C Smaller\sand\sfaster\simplementation\sof\sexprMightBeIndexed().
-D 2017-04-11T18:06:48.387
+C Limit\sthe\sdepth\sof\srecursion\sfor\svalid\sJSON\sin\sthe\sJSON1\sextension\sin\sorder\nto\savoid\susing\sexcess\sstack\sspace\sin\sthe\srecursive\sdescent\sparser.\nFix\sfor\sticket\s[981329adeef51011052667a9].
+D 2017-04-11T18:55:05.542
F Makefile.in 1cc758ce3374a32425e4d130c2fe7b026b20de5b8843243de75f087c0a2661fb
F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
F Makefile.msc a4c0613a18663bda56d8cf76079ab6590a7c3602e54befb4bbdef76bcaa38b6a
F ext/misc/fileio.c d4171c815d6543a9edef8308aab2951413cd8d0f
F ext/misc/fuzzer.c 7c64b8197bb77b7d64eff7cac7848870235d4c25
F ext/misc/ieee754.c f190d0cc5182529acb15babd177781be1ac1718c
-F ext/misc/json1.c 70d49f69ce61e54a83a29e425e704ca3e7e42e6bd9a7cf3c112d0ad995f6560b
+F ext/misc/json1.c 18d80526c34e3eab8adf6a86f7e45b873c19b33d341e76993590a3fca9aefa14
F ext/misc/memvfs.c e5225bc22e79dde6b28380f3a068ddf600683a33
F ext/misc/nextchar.c 35c8b8baacb96d92abbb34a83a997b797075b342
F ext/misc/percentile.c 92699c8cd7d517ff610e6037e56506f8904dae2e
F test/jrnlmode.test 7864d59cf7f6e552b9b99ba0f38acd167edc10fa
F test/jrnlmode2.test 81610545a4e6ed239ea8fa661891893385e23a1d
F test/jrnlmode3.test 556b447a05be0e0963f4311e95ab1632b11c9eaa
-F test/json101.test c0897616f32d95431f37fd291cb78742181980ac
+F test/json101.test 9e68ac5c7cb3fabe22677d919ca025f80f27dde37f4e760b43f9720179ee466c
F test/json102.test eeb54efa221e50b74a2d6fb9259963b48d7414dca3ce2fdfdeed45cb28487bc1
F test/json103.test c5f6b85e69de05f6b3195f9f9d5ce9cd179099a0
F test/json104.test 877d5845f6303899b7889ea5dd1bea99076e3100574d5c536082245c5805dcaa
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 4143650c4ce32289d2301cdfc69bb10877246420f656bed122886f6803fc956a
-R 1aa45dcbe6873a793fc57d44af855002
+P 76cd611d41465fcec61c21520d55172cb236530f38386b7d4a5544ba87de2353
+R 4121191f9cbabfb85c1e92872e6e98a5
U drh
-Z c24847878c6bf2e9fe8bedbea41e582e
+Z 8a8f0ee4e24e0270c8727f53d830c8c6
-76cd611d41465fcec61c21520d55172cb236530f38386b7d4a5544ba87de2353
\ No newline at end of file
+1f68c184596912d742b50b1ca38252a9e783aacf121619a27b17a7ae9f6df041
\ No newline at end of file
SELECT json_valid('" \~ "');
} {0}
+#--------------------------------------------------------------------------
+# 2017-04-11. https://www.sqlite.org/src/info/981329adeef51011
+# Stack overflow on deeply nested JSON.
+#
+# The following tests confirm that deeply nested JSON is considered invalid.
+#
+do_execsql_test json-11.0 {
+ /* Shallow enough to be parsed */
+ SELECT json_valid(printf('%.2000c0%.2000c','[',']'));
+} {1}
+do_execsql_test json-11.1 {
+ /* Too deep by one */
+ SELECT json_valid(printf('%.2001c0%.2001c','[',']'));
+} {0}
+do_execsql_test json-11.2 {
+ /* Shallow enough to be parsed { */
+ SELECT json_valid(replace(printf('%.2000c0%.2000c','[','}'),'[','{"a":'));
+ /* } */
+} {1}
+do_execsql_test json-11.3 {
+ /* Too deep by one { */
+ SELECT json_valid(replace(printf('%.2001c0%.2001c','[','}'),'[','{"a":'));
+ /* } */
+} {0}
finish_test
projects / thirdparty / sqlite.git / commitdiff
