From: dan Date: Fri, 5 May 2023 15:52:44 +0000 (+0000) Subject: Reduce the maximum depth of nesting in json objects to 1000. X-Git-Tag: version-3.42.0~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed96436f23a0b42e2a83e66272ce93dc1f18d4d1;p=thirdparty%2Fsqlite.git Reduce the maximum depth of nesting in json objects to 1000. FossilOrigin-Name: c7697a0d45bfab20ec09f17ad65e375ddb43af6762278481c13a65c9a784978e --- diff --git a/manifest b/manifest index 301fbbb355..c00d9f4b75 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Do\snot\sattempt\sto\srun\sjson502.test\swith\sSQLITE_OMIT_VIRTUALTABLE\sbuilds. -D 2023-05-05T15:28:35.372 +C Reduce\sthe\smaximum\sdepth\sof\snesting\sin\sjson\sobjects\sto\s1000. +D 2023-05-05T15:52:44.241 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -595,7 +595,7 @@ F src/hash.h 3340ab6e1d13e725571d7cee6d3e3135f0779a7d8e76a9ce0a85971fa3953c51 F src/hwtime.h b638809e083b601b618df877b2e89cb87c2a47a01f4def10be4c4ebb54664ac7 F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71 F src/insert.c a8de1db43335fc4946370a7a7e47d89975ad678ddb15078a150e993ba2fb37d4 -F src/json.c 7297dbd1d623850578c21bb8a99b87e745d09e14fd36ebc965ace67c86f902b4 +F src/json.c eba5afc4de8cb18958f3d2b56737f1096a2e2e73f720a357d7c57882b7925bc2 F src/legacy.c d7874bc885906868cd51e6c2156698f2754f02d9eee1bae2d687323c3ca8e5aa F src/loadext.c be5af440f3192c58681b5d43167dbca3ccbfce394d89faa22378a14264781136 F src/main.c 035be2e9ba2a0fc1701a8ab1880af3001a968a24556433538a6c073558ee4341 @@ -1256,7 +1256,7 @@ F test/json/README.md 506af1f54574b524106acb50d1a341ab5ddfa6d83fe25095007892b07e F test/json/json-generator.tcl dc0dd0f393800c98658fc4c47eaa6af29d4e17527380cd28656fb261bddc8a3f F test/json/json-q1.txt 335a7c8ab291d354f33b7decc9559e99a2823d4142291c4be7aa339a631f3c2d F test/json/json-speed-check.sh 8b7babf530faa58bd59d6d362cec8e9036a68c5457ff46f3b1f1511d21af6737 x -F test/json101.test ff8024cbb8092e723237648cea9bdbd51f31476b5015a4df3a5ecc8a5efda837 +F test/json101.test 94126d4291d4a00e45f6988ce885c410de69243490e46e70e9946cb6e6f9ea02 F test/json102.test 13dc9e7b7f359ecb861e02f9bd7019f7342a63d1c354273b0a8f3904050560a8 F test/json103.test 53df87f83a4e5fa0c0a56eb29ff6c94055c6eb919f33316d62161a8880112dbe F test/json104.test 1b844a70cddcfa2e4cd81a5db0657b2e61e7f00868310f24f56a9ba0114348c1 @@ -2068,8 +2068,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P fece588b186c4f9f76d626313e35336fd5681e966e9bd0fa1053b147c4e3c315 -R 4f9e6360f1a1bc9368471bbb0d80beb6 +P 6664850647cd314c076842df5bf94e4f12d9be7fb56795b2af25f15c1267fa4d +R 6aa76a0806777607ae43529901afa2c5 U dan -Z 0beac7195282461c4777228af10dffa7 +Z c1985c3452a227be8fa49c7d28c3263b # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index ad8c2bcefc..fc8c552521 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -6664850647cd314c076842df5bf94e4f12d9be7fb56795b2af25f15c1267fa4d \ No newline at end of file +c7697a0d45bfab20ec09f17ad65e375ddb43af6762278481c13a65c9a784978e \ No newline at end of file diff --git a/src/json.c b/src/json.c index ada8a91c58..8e6ba48b4c 100644 --- a/src/json.c +++ b/src/json.c @@ -147,7 +147,7 @@ struct JsonParse { ** descent parser. A depth of 2000 is far deeper than any sane JSON ** should go. */ -#define JSON_MAX_DEPTH 2000 +#define JSON_MAX_DEPTH 1000 /************************************************************************** ** Utility routines for dealing with JsonString objects diff --git a/test/json101.test b/test/json101.test index e17c8cd6a2..543e4c71e7 100644 --- a/test/json101.test +++ b/test/json101.test @@ -721,20 +721,20 @@ do_execsql_test json-10.95 { # do_execsql_test json-11.0 { /* Shallow enough to be parsed */ - SELECT json_valid(printf('%.2000c0%.2000c','[',']')); + SELECT json_valid(printf('%.1000c0%.1000c','[',']')); } {1} do_execsql_test json-11.1 { /* Too deep by one */ - SELECT json_valid(printf('%.2001c0%.2001c','[',']')); + SELECT json_valid(printf('%.1001c0%.1001c','[',']')); } {0} do_execsql_test json-11.2 { /* Shallow enough to be parsed { */ - SELECT json_valid(replace(printf('%.2000c0%.2000c','[','}'),'[','{"a":')); + SELECT json_valid(replace(printf('%.1000c0%.1000c','[','}'),'[','{"a":')); /* } */ } {1} do_execsql_test json-11.3 { /* Too deep by one { */ - SELECT json_valid(replace(printf('%.2001c0%.2001c','[','}'),'[','{"a":')); + SELECT json_valid(replace(printf('%.1001c0%.1001c','[','}'),'[','{"a":')); /* } */ } {0}