You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When trying to compile JsonPointer expressions with thousands (on my machine 6000 or more) of path segments, a StackOverflowError is thrown as parser uses simple recursive technique. This should be prevented by, for example:
Imposing maximum depth (1000?) and simply failing cleanly
Rewriting method to use iterative+stack approach to increase limit to be relative to heap space size (million(s) of segments).
Note: this does not appear like something straight-forward to use by malicious actors since JsonPointer instances are not typically read from untrusted contents. Although as with anything else there may be specific individual cases where this could be a vector.
The text was updated successfully, but these errors were encountered:
Rewrite decoder/parser to use explicit stack instead of recursive calls, resolving the SO issue.
Will be in 2.14.0-rc2 and final 2.14.0; no plans to backport.
pjfanning
changed the title
Calling JsonPointer.compile(...) on very deeply nested expression throws StackOverflowErrror
Calling JsonPointer.compile(...) on very deeply nested expression throws StackOverflowErrorFeb 22, 2023
(note: found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51806)
When trying to compile
JsonPointer
expressions with thousands (on my machine 6000 or more) of path segments, aStackOverflowError
is thrown as parser uses simple recursive technique. This should be prevented by, for example:Note: this does not appear like something straight-forward to use by malicious actors since
JsonPointer
instances are not typically read from untrusted contents. Although as with anything else there may be specific individual cases where this could be a vector.The text was updated successfully, but these errors were encountered: