Peerplays_Blockchain/peerplays-fc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

adding sanity checks to string->json parsing

Browse source
This commit is contained in:
Daniel Larimer 2015-05-12 12:58:47 -04:00
parent 7dcfa9a910
commit 4f0919c493
2 changed files with 25 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CMakeLists.txt
View file

@ -278,6 +278,9 @@ add_executable( task_cancel_test tests/task_cancel.cpp )
target_link_libraries( task_cancel_test fc )
add_executable( bloom_test tests/bloom_test.cpp )
target_link_libraries( bloom_test fc )
add_executable( real128_test tests/real128_test.cpp )
target_link_libraries( real128_test fc )

22
src/io/json.cpp
View file

@ -436,9 +436,30 @@ namespace fc
}
return variant();
}
/** the purpose of this check is to verify that we will not get a stack overflow in the recursive descent parser */
void check_string_depth( const string& utf8_str )
{
int32_t open_object = 0;
int32_t open_array = 0;
for( auto c : utf8_str )
{
switch( c )
{
case '{': open_object++; break;
case '}': open_object--; break;
case '[': open_array++; break;
case ']': open_array--; break;
}
FC_ASSERT( open_object < 100 && open_array < 100, "object graph too deep", ("object depth",open_object)("array depth", open_array) );
}
}
variant json::from_string( const std::string& utf8_str, parse_type ptype )
{ try {
check_string_depth( utf8_str );
fc::stringstream in( utf8_str );
//in.exceptions( std::ifstream::eofbit );
switch( ptype )
@ -456,6 +477,7 @@ namespace fc
variants json::variants_from_string( const std::string& utf8_str, parse_type ptype )
{ try {
check_string_depth( utf8_str );
variants result;
fc::stringstream in( utf8_str );
//in.exceptions( std::ifstream::eofbit );