database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-11463 Server crashes in mark_array upon JSON_VALID.

Browse Source 
The depth of nested arrays should be controlled, as it's limited.
This commit is contained in:
Alexey Botchkov
2016-12-03 12:36:10 +04:00
parent edc75c9c16
commit 7fca133028
3 changed files with 33 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
mysql-test/r/func_json.result
View File

@ -10,6 +10,9 @@ json_valid('{"key1":1, "key2":[2,3]}')
select json_valid('[false, true, null]');
json_valid('[false, true, null]')
1
select json_valid(repeat('[', 1000));
json_valid(repeat('[', 1000))
0
select json_value('{"key1":123}', '$.key2');
json_value('{"key1":123}', '$.key2')
NULL

1
mysql-test/t/func_json.test
View File

@ -2,6 +2,7 @@ select json_valid('[1, 2]');
select json_valid('"string"}');
select json_valid('{"key1":1, "key2":[2,3]}');
select json_valid('[false, true, null]');
select json_valid(repeat('[', 1000));
select json_value('{"key1":123}', '$.key2');
select json_value('{"key1":123}', '$.key1');

38
strings/json_lib.c
View File

@ -126,8 +126,13 @@ static int syntax_error(json_engine_t *j)
static int mark_object(json_engine_t *j)
{
j->state= JST_OBJ_START;
*(++j->stack_p)= JST_OBJ_CONT;
return 0;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_OBJ_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
@ -137,8 +142,13 @@ static int read_obj(json_engine_t *j)
j->state= JST_OBJ_START;
j->value_type= JSON_VALUE_OBJECT;
j->value= j->value_begin;
*(++j->stack_p)= JST_OBJ_CONT;
return 0;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_OBJ_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
@ -146,9 +156,14 @@ static int read_obj(json_engine_t *j)
static int mark_array(json_engine_t *j)
{
j->state= JST_ARRAY_START;
*(++j->stack_p)= JST_ARRAY_CONT;
j->value= j->value_begin;
return 0;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_ARRAY_CONT;
j->value= j->value_begin;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
/* Read value of object. */
@ -157,8 +172,13 @@ static int read_array(json_engine_t *j)
j->state= JST_ARRAY_START;
j->value_type= JSON_VALUE_ARRAY;
j->value= j->value_begin;
*(++j->stack_p)= JST_ARRAY_CONT;
return 0;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_ARRAY_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}