Re: [Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nest

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nest

From:	Markus Armbruster
Subject:	Re: [Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nesting and size
Date:	Thu, 19 Nov 2015 17:59:16 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Eric Blake <address@hidden> writes:

> On 11/19/2015 08:29 AM, Markus Armbruster wrote:
>> Ugh, I almost dropped this on the floor.  I think it should go into
>> 2.5, and I plan to take it through my tree.  If you disagree, please
>> speak up.
>
> It sounds like a bug fix to me (avoiding core dumps due to
> user-triggerable input) and on that ground, qualifies for hard freeze in
> my books.
>
>> 
>> We limit nesting depth and input size to defend against input
>> triggering excessive heap or stack memory use (commit 29c75dd
>> json-streamer: limit the maximum recursion depth and maximum token
>> count).  This limiting is flawed in multiple ways.  Fix it up some.
>> 
>> Not yet fixed: this JSON parser is an absurd memory hog; see last
>> patch.
>> 
>> v2:
>> * Trivially rebased, R-bys retained
>> * PATCH 3: Fix a nearby comment typo [Eric]
>> * PATCH 4: Simplify make_nest() slightly
>> * PATCH 5: Commit message tweaked
>
> Hmm, when the series is only 4/4, changes to PATCH 5 are suspect :)

I can't count.  Subtract one from every patch number in the list above.

> At any rate, the changes look correct, and minor enough that keeping my
> R-b was the right thing to do.

Thanks!

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v2 1/4] json-streamer: Apply nesting limit more sanely, (continued)
- [Qemu-devel] [PATCH v2 1/4] json-streamer: Apply nesting limit more sanely, Markus Armbruster, 2015/11/19
- [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Markus Armbruster, 2015/11/19
  - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Paolo Bonzini, 2015/11/19
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Markus Armbruster, 2015/11/20
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Paolo Bonzini, 2015/11/20
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Eric Blake, 2015/11/20
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Paolo Bonzini, 2015/11/23
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Eric Blake, 2015/11/23
    - Re: [Qemu-devel] [PATCH v2 4/4] json-streamer: Limit number of tokens in addition to total size, Markus Armbruster, 2015/11/23
- Re: [Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nesting and size, Eric Blake, 2015/11/19
  - Re: [Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nesting and size, Markus Armbruster <=

Prev by Date: Re: [Qemu-devel] [PATCH v12 27/36] qapi: Forbid case-insensitive clashes
Next by Date: Re: [Qemu-devel] WG: [ovirt-users] Segmentation fault in libtcmalloc
Previous by thread: Re: [Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit nesting and size
Next by thread: [Qemu-devel] [Bug 1297218] Re: guest hangs after live migration due to tsc jump
Index(es):
- Date
- Thread