Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Limit nesting depth #410

Merged
merged 1 commit into from
Oct 12, 2019
Merged

Limit nesting depth #410

merged 1 commit into from
Oct 12, 2019

Conversation

liggitt
Copy link
Contributor

@liggitt liggitt commented Oct 8, 2019

This allows callers to limit input size to bound allocations / CPU, without needing to introspect the provided JSON to protect against internal decoder stack depth overflow.

See also https://tools.ietf.org/html/rfc7159#section-9 and golang issue 31789

@codecov
Copy link

codecov bot commented Oct 8, 2019

Codecov Report

Merging #410 into master will increase coverage by 4.8%.
The diff coverage is 68.35%.

Impacted file tree graph

@@            Coverage Diff            @@
##           master     #410     +/-   ##
=========================================
+ Coverage   81.72%   86.53%   +4.8%     
=========================================
  Files          41       41             
  Lines        5029     5102     +73     
=========================================
+ Hits         4110     4415    +305     
+ Misses        798      551    -247     
- Partials      121      136     +15
Impacted Files Coverage Δ
reflect.go 92.85% <100%> (+0.14%) ⬆️
iter_array.go 76.59% <100%> (+2.78%) ⬆️
reflect_struct_decoder.go 81.89% <33.33%> (+33.56%) ⬆️
iter_object.go 67.89% <88.88%> (+1.41%) ⬆️
iter.go 90.09% <94.11%> (+0.35%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 819acad...eec2489. Read the comment docs.

@liggitt
Copy link
Contributor Author

liggitt commented Oct 8, 2019

cc @taowen

@taowen taowen merged commit 03217c3 into json-iterator:master Oct 12, 2019
@liggitt
Copy link
Contributor Author

liggitt commented Oct 12, 2019

thanks! just for planning purposes, is there a target date for tagging a release that will include this?

@taowen
Copy link
Contributor

taowen commented Oct 17, 2019

https://github.com/json-iterator/go/releases/tag/1.1.8

@liggitt
Copy link
Contributor Author

liggitt commented Oct 17, 2019

just noticed the new tag is missing a leading v: #412

@liggitt liggitt deleted the stack branch October 17, 2019 14:10
zhenzou pushed a commit to zhenzou/jsoniter that referenced this pull request Feb 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants