# HG changeset patch # User jbe # Date 1406754698 -7200 # Node ID 35fb4f92a88753c00387e72fa5308bd90c92b192 # Parent 5229687c7601f2aae328758a3fd3ab2da1f5d07b Limit maximum depth for JSON parser to 500 diff -r 5229687c7601 -r 35fb4f92a887 Makefile.options --- a/Makefile.options Wed Jul 30 22:56:21 2014 +0200 +++ b/Makefile.options Wed Jul 30 23:11:38 2014 +0200 @@ -8,13 +8,13 @@ SLIB_EXT = so # Lua binaries -LUA_BIN = lua -LUAC_BIN = luac +LUA_BIN = lua52 +LUAC_BIN = luac52 # C compiler flags # TODO: check alternatives to -D_GNU_SOURCE -fPIC # using libtool? -CFLAGS = -O2 -D_GNU_SOURCE -fPIC -Wall -I /usr/include -I /usr/local/include -I /usr/local/include/lua52 +CFLAGS = -g -O0 -D_GNU_SOURCE -fPIC -Wall -I /usr/include -I /usr/local/include -I /usr/local/include/lua52 # additional C compiler flags for parts which depend on PostgreSQL CFLAGS_PGSQL = -I /usr/local/include/postgresql -I /usr/local/include/postgresql/server diff -r 5229687c7601 -r 35fb4f92a887 libraries/json/json.c --- a/libraries/json/json.c Wed Jul 30 22:56:21 2014 +0200 +++ b/libraries/json/json.c Wed Jul 30 23:11:38 2014 +0200 @@ -4,7 +4,14 @@ #include // maximum number of nested JSON values (objects and arrays): -#define JSON_MAXDEPTH 100 +// NOTE: The Lua reference states that the stack may typically contain at least +// "a few thousand elements". Since every nested level consumes +// 3 elements on the Lua stack (the object/array, its shadow table, +// a string key or a placeholder), we limit the number of nested levels +// to 500. If a stack overflow would still happen in the import function, +// this is detected nevertheless and an error is thrown (instead of +// returning nil and an error string). +#define JSON_MAXDEPTH 500 // macros for usage of Lua registry: #define JSON_REGENT char