Re: [sqlite] json_valid() crash on Windows - was: json() number value parsing

2017-04-11 Thread Dominique Pellé
Ralf Junker wrote:

> SQLite on Windows crashes when running this test:
>
>   n_structure_10_opening_arrays.json
>
> The crash results from a stack overflow because json_valid() is implemented
> using a recursive parser. All versions of json1.c up to current trunk are
> affected.
>
> Here is a small SQL snippet that also triggers the overflow:
>
>   SELECT json_valid(json) FROM (
>     WITH RECURSIVE
>       cnt(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM cnt
>                  WHERE x < 4) -- Eventually increase this!
>     SELECT group_concat('[', '') AS json FROM cnt);
>
> Depending on compiler and available stack, you may need to increase 4 to
> a larger number to reproduce the problem. sqlite3.exe 3.18.0 on Windows 7
> ran out of stack at around 35000.
>
> The problem might escape Linux testing because it usually has a much larger
> default stack size than Windows.
>
> One solution would be to limit the parser's nesting depth as RFC 7159
> allows:
>
>   https://tools.ietf.org/html/rfc7159#section-9
>
> Ralf

A better solution is to avoid recursion when parsing JSON.

JSON parsing in Vim had the same kind of problem and it was
reworked in vim-8.0.169 to avoid recursion to be able to
parse n_structure_10_opening_arrays.json.
It can be a big change though.

Dominique
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


Re: [sqlite] json_valid() crash on Windows - was: json() number value parsing

2017-04-11 Thread Ralf Junker

SQLite on Windows crashes when running this test:

  n_structure_10_opening_arrays.json

The crash results from a stack overflow because json_valid() is 
implemented using a recursive parser. All versions of json1.c up to 
current trunk are affected.


Here is a small SQL snippet that also triggers the overflow:

  SELECT json_valid(json) FROM (
    WITH RECURSIVE
      cnt(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM cnt
                 WHERE x < 4) -- Eventually increase this!
    SELECT group_concat('[', '') AS json FROM cnt);

Depending on compiler and available stack, you may need to increase 
4 to a larger number to reproduce the problem. sqlite3.exe 3.18.0 on 
Windows 7 ran out of stack at around 35000.


The problem might escape Linux testing because it usually has a much 
larger default stack size than Windows.


One solution would be to limit the parser's nesting depth as RFC 7159 
allows:


  https://tools.ietf.org/html/rfc7159#section-9

Ralf

On 10.04.2017 13:54, Richard Hipp wrote:

> SQLite returns true from json_valid() for the following cases which
> should allegedly be false:
>
>n_multidigit_number_then_00.json
>n_string_unescaped_newline.json
>n_string_unescaped_tab.json
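Added illustration (not SQLite's json1.c, and not code from Ralf or Dominique) of the two remedies the thread raises, combined: a loop-based bracket walk that enforces a nesting-depth limit as RFC 7159 section 9 permits, with per-level state kept in a heap array rather than on the C stack. The limit of 1000 and the long run of '[' are constructed values chosen for the example; the function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

enum { NEST_OK, NEST_TOO_DEEP, NEST_MISMATCH, NEST_UNTERMINATED, NEST_NOMEM };

/* Walk the bracket structure of zJson with a loop instead of recursion.
 * Per-level state is one byte in a heap array of mxDepth (>0) bytes, so
 * the C stack stays flat no matter how deeply the input nests. */
int json_nest_check(const char *zJson, int mxDepth){
  unsigned char *stk = malloc((size_t)mxDepth);
  int depth = 0, inStr = 0, rc = NEST_OK;
  const char *p;
  if( stk==0 ) return NEST_NOMEM;
  for(p=zJson; *p; p++){
    char c = *p;
    if( inStr ){                      /* brackets inside strings are data */
      if( c=='\\' && p[1] ) p++;      /* skip the escaped character */
      else if( c=='"' ) inStr = 0;
      continue;
    }
    if( c=='"' ){
      inStr = 1;
    }else if( c=='[' || c=='{' ){
      if( depth>=mxDepth ){ rc = NEST_TOO_DEEP; break; }  /* depth limit */
      stk[depth++] = (unsigned char)c;
    }else if( c==']' || c=='}' ){
      unsigned char open = (c==']') ? '[' : '{';
      if( depth==0 || stk[depth-1]!=open ){ rc = NEST_MISMATCH; break; }
      depth--;
    }
  }
  if( rc==NEST_OK && (inStr || depth!=0) ) rc = NEST_UNTERMINATED;
  free(stk);
  return rc;
}

/* Constructed input: n copies of ch, e.g. a long run of '[' like the
 * failing test case, fed through the check above. */
int json_nest_check_repeat(char ch, size_t n, int mxDepth){
  char *z = malloc(n+1);
  int rc;
  if( z==0 ) return NEST_NOMEM;
  memset(z, ch, n); z[n] = 0;
  rc = json_nest_check(z, mxDepth);
  free(z);
  return rc;
}
```

With a limit of 1000, a run of 100000 unclosed '[' is rejected as too deep in constant stack space, where a recursive-descent parser would recurse once per bracket.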