We limit nesting depth and input size to defend against input triggering excessive heap or stack memory use (commit 29c75dd json-streamer: limit the maximum recursion depth and maximum token count). This limiting is flawed in multiple ways. Fix it up some.
Not yet fixed: this JSON parser is an absurd memory hog; see last patch. Markus Armbruster (4): json-streamer: Apply nesting limit more sanely json-streamer: Don't crash when input exceeds nesting limit check-qjson: Add test for JSON nesting depth limit json-streamer: Limit number of tokens in addition to total size qobject/json-streamer.c | 7 ++++--- tests/check-qjson.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) -- 2.4.3
