[Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nesting

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nesting

From:	Markus Armbruster
Subject:	[Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nesting and size
Date:	Thu, 19 Nov 2015 16:29:04 +0100

Ugh, I almost dropped this on the floor.  I think it should go into
2.5, and I plan to take it through my tree.  If you disagree, please
speak up.

We limit nesting depth and input size to defend against input
triggering excessive heap or stack memory use (commit 29c75dd
json-streamer: limit the maximum recursion depth and maximum token
count).  This limiting is flawed in multiple ways.  Fix it up some.

Not yet fixed: this JSON parser is an absurd memory hog; see last
patch.

v2:
* Trivially rebased, R-bys retained
* PATCH 3: Fix a nearby comment typo [Eric]
* PATCH 4: Simplify make_nest() slightly
* PATCH 5: Commit message tweaked

Markus Armbruster (4):
  json-streamer: Apply nesting limit more sanely
  json-streamer: Don't crash when input exceeds nesting limit
  check-qjson: Add test for JSON nesting depth limit
  json-streamer: Limit number of tokens in addition to total size

 qobject/json-streamer.c | 10 ++++++----
 tests/check-qjson.c     | 25 +++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 4 deletions(-)

-- 
2.4.3

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nesting and size, Markus Armbruster <=
- [Qemu-devel] [PATCH v2 3/4] check-qjson: Add test for JSON nesting depth limit, Markus Armbruster, 2015/11/19
- [Qemu-devel] [PATCH v2 2/4] json-streamer: Don't crash when input exceeds nesting limit, Markus Armbruster, 2015/11/19
- [Qemu-devel] [PATCH v2 1/4] json-streamer: Apply nesting limit more sanely, Markus Armbruster, 2015/11/19
- [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Markus Armbruster, 2015/11/19
  - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Paolo Bonzini, 2015/11/19
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Markus Armbruster, 2015/11/20
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Paolo Bonzini, 2015/11/20
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Eric Blake, 2015/11/20
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Paolo Bonzini, 2015/11/23
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Eric Blake, 2015/11/23

Prev by Date: [Qemu-devel] [PATCH v2 1/4] json-streamer: Apply nesting limit more sanely
Next by Date: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size
Previous by thread: [Qemu-devel] [PATCH] Assume madvise for (no)hugepage works
Next by thread: [Qemu-devel] [PATCH v2 3/4] check-qjson: Add test for JSON nesting depth limit
Index(es):
- Date
- Thread