webmcp

changeset 150:35fb4f92a887

Limit maximum depth for JSON parser to 500
author jbe
date Wed Jul 30 23:11:38 2014 +0200 (2014-07-30)
parents 5229687c7601
children 6d2bb696f736
files Makefile.options libraries/json/json.c
line diff
     1.1 --- a/Makefile.options	Wed Jul 30 22:56:21 2014 +0200
     1.2 +++ b/Makefile.options	Wed Jul 30 23:11:38 2014 +0200
     1.3 @@ -8,13 +8,13 @@
     1.4  SLIB_EXT = so
     1.5  
     1.6  # Lua binaries
     1.7 -LUA_BIN = lua
     1.8 -LUAC_BIN = luac
     1.9 +LUA_BIN = lua52
    1.10 +LUAC_BIN = luac52
    1.11  
    1.12  # C compiler flags
    1.13  # TODO: check alternatives to -D_GNU_SOURCE -fPIC
    1.14  #       using libtool?
    1.15 -CFLAGS = -O2 -D_GNU_SOURCE -fPIC -Wall -I /usr/include -I /usr/local/include -I /usr/local/include/lua52
    1.16 +CFLAGS = -g -O0 -D_GNU_SOURCE -fPIC -Wall -I /usr/include -I /usr/local/include -I /usr/local/include/lua52
    1.17  
    1.18  # additional C compiler flags for parts which depend on PostgreSQL
    1.19  CFLAGS_PGSQL = -I /usr/local/include/postgresql -I /usr/local/include/postgresql/server
     2.1 --- a/libraries/json/json.c	Wed Jul 30 22:56:21 2014 +0200
     2.2 +++ b/libraries/json/json.c	Wed Jul 30 23:11:38 2014 +0200
     2.3 @@ -4,7 +4,14 @@
     2.4  #include <string.h>
     2.5  
     2.6  // maximum number of nested JSON values (objects and arrays):
     2.7 -#define JSON_MAXDEPTH 100
     2.8 +// NOTE: The Lua reference states that the stack may typically contain at least
     2.9 +//       "a few thousand elements". Since every nested level consumes
    2.10 +//       3 elements on the Lua stack (the object/array, its shadow table,
    2.11 +//       a string key or a placeholder), we limit the number of nested levels
    2.12 +//       to 500. If a stack overflow would still happen in the import function,
    2.13 +//       this is detected nevertheless and an error is thrown (instead of
    2.14 +//       returning nil and an error string).
    2.15 +#define JSON_MAXDEPTH 500
    2.16  
    2.17  // macros for usage of Lua registry:
    2.18  #define JSON_REGENT char

Impressum / About Us