[Qemu-devel] [PATCH 0/4] json-streamer: Fix up code to limit nesting and

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 0/4] json-streamer: Fix up code to limit nesting and

From:	Markus Armbruster
Subject:	[Qemu-devel] [PATCH 0/4] json-streamer: Fix up code to limit nesting and size
Date:	Thu, 29 Oct 2015 13:44:39 +0100

We limit nesting depth and input size to defend against input
triggering excessive heap or stack memory use (commit 29c75dd
json-streamer: limit the maximum recursion depth and maximum token
count).  This limiting is flawed in multiple ways.  Fix it up some.

Not yet fixed: this JSON parser is an absurd memory hog; see last
patch.

Markus Armbruster (4):
  json-streamer: Apply nesting limit more sanely
  json-streamer: Don't crash when input exceeds nesting limit
  check-qjson: Add test for JSON nesting depth limit
  json-streamer: Limit number of tokens in addition to total size

 qobject/json-streamer.c |  7 ++++---
 tests/check-qjson.c     | 29 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 3 deletions(-)

-- 
2.4.3

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/4] json-streamer: Fix up code to limit nesting and size, Markus Armbruster <=
- [Qemu-devel] [PATCH 4/4] json-streamer: Limit number of tokens in addition to total size, Markus Armbruster, 2015/10/29
  - Re: [Qemu-devel] [PATCH 4/4] json-streamer: Limit number of tokens in addition to total size, Eric Blake, 2015/10/29
    - Re: [Qemu-devel] [PATCH 4/4] json-streamer: Limit number of tokens in addition to total size, Markus Armbruster, 2015/10/29
    - Re: [Qemu-devel] [PATCH 4/4] json-streamer: Limit number of tokens in addition to total size, Eric Blake, 2015/10/29
    - Re: [Qemu-devel] [PATCH 4/4] json-streamer: Limit number of tokens in addition to total size, Markus Armbruster, 2015/10/30
    - Re: [Qemu-devel] [PATCH 4/4] json-streamer: Limit number of tokens in addition to total size, Eric Blake, 2015/10/30
- [Qemu-devel] [PATCH 1/4] json-streamer: Apply nesting limit more sanely, Markus Armbruster, 2015/10/29
  - Re: [Qemu-devel] [PATCH 1/4] json-streamer: Apply nesting limit more sanely, Eric Blake, 2015/10/29
- [Qemu-devel] [PATCH 3/4] check-qjson: Add test for JSON nesting depth limit, Markus Armbruster, 2015/10/29
  - Re: [Qemu-devel] [PATCH 3/4] check-qjson: Add test for JSON nesting depth limit, Eric Blake, 2015/10/29

Prev by Date: [Qemu-devel] [PATCH 3/4] check-qjson: Add test for JSON nesting depth limit
Next by Date: [Qemu-devel] [PATCH 2/4] json-streamer: Don't crash when input exceeds nesting limit
Previous by thread: [Qemu-devel] [PATCH v2 0/1] qemu-iotests: fix cleanup of background processes
Next by thread: [Qemu-devel] [PATCH 4/4] json-streamer: Limit number of tokens in addition to total size
Index(es):
- Date
- Thread