mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00

MDEV-11463 Server crashes in mark_array upon JSON_VALID.

The depth of nested arrays should be controlled, as it's limited.
Alexey Botchkov
2016-12-03 12:36:10 +04:00
parent edc75c9c16
commit 7fca133028
3 changed files with 33 additions and 9 deletions


@ -126,8 +126,13 @@ static int syntax_error(json_engine_t *j)
static int mark_object(json_engine_t *j)
{
j->state= JST_OBJ_START;
*(++j->stack_p)= JST_OBJ_CONT;
return 0;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_OBJ_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
@ -137,8 +142,13 @@ static int read_obj(json_engine_t *j)
j->state= JST_OBJ_START;
j->value_type= JSON_VALUE_OBJECT;
j->value= j->value_begin;
*(++j->stack_p)= JST_OBJ_CONT;
return 0;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_OBJ_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
@ -146,9 +156,14 @@ static int read_obj(json_engine_t *j)
static int mark_array(json_engine_t *j)
{
j->state= JST_ARRAY_START;
*(++j->stack_p)= JST_ARRAY_CONT;
j->value= j->value_begin;
return 0;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_ARRAY_CONT;
j->value= j->value_begin;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
/* Read value of object. */
@ -157,8 +172,13 @@ static int read_array(json_engine_t *j)
j->state= JST_ARRAY_START;
j->value_type= JSON_VALUE_ARRAY;
j->value= j->value_begin;
*(++j->stack_p)= JST_ARRAY_CONT;
return 0;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_ARRAY_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
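Review bot: In all four changed functions (mark_object, read_obj, mark_array, read_array) the new guard `if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)` advances `stack_p` before testing it, so on the JE_DEPTH path the engine is left with `stack_p` already moved past the last allowed slot and `j->state` already switched to the start state. If `j->stack` holds JSON_DEPTH_LIMIT entries (its declaration is not visible here), that pointer no longer refers to a valid element, and any caller that keeps using the engine after the error would read or pop through it. Testing first leaves the state untouched on failure: `if (j->stack_p - j->stack >= JSON_DEPTH_LIMIT - 1) { j->s.error= JE_DEPTH; return 1; }` followed by the original `*(++j->stack_p)= JST_OBJ_CONT;` (or JST_ARRAY_CONT). The same seven lines are repeated four times, so a small static helper that takes the continuation state would keep the bound check in one place. The bodies of read_obj and read_array begin outside their hunks.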