mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
go/src/encoding
History
Jordan Liggitt 84afaa9e94 encoding/json: limit max nesting depth 
Limit the maximum nesting depth when parsing to protect against stack
overflow, permitted by https://tools.ietf.org/html/rfc7159#section-9

A nesting depth limit of 10,000 was chosen to be a conservative
balance between avoiding stack overflow and avoiding impacting
legitimate JSON documents.

10,000 is less than 1% of the experimental stack depth limit
with the default stack size:
* On 64-bit systems, the default stack limit is 1GB,
  which allows ~2,800,000 frames of recursive parsing
* On 32-bit systems, the default stack limit is 250MB,
  which allows ~1,100,000 frames of recursive parsing

Fixes #31789

Change-Id: I4f5a90e89dcb4ab1a957ad9d02e1fa0efafaccf6
Reviewed-on: https://go-review.googlesource.com/c/go/+/199837
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
 		2020-02-24 14:35:19 +00:00
..
ascii85 encoding/ascii85: make bigtest big again 2017-06-23 14:28:30 +00:00
asn1 Revert "encoding/asn1: fix unmarshalling SEQUENCE OF SET" 2019-11-08 18:55:44 +00:00
base32 encoding/base32: increase performance and code reuse 2019-09-11 00:56:39 +00:00
base64 encoding/base64: document that Strict mode still ignores newlines 2019-11-20 19:43:21 +00:00
binary encoding/binary: add float support to fast path 2019-11-08 18:35:59 +00:00
csv src: gofmt -s 2019-09-09 18:57:05 +00:00
gob all: fix a number of misuses of the word "an" 2019-12-10 16:23:10 +00:00
hex encoding/hex: simplify encoder arithmetic 2019-03-05 17:40:09 +00:00
json encoding/json: limit max nesting depth 2020-02-24 14:35:19 +00:00
pem all: remove PEM-encoded private keys from tests 2019-05-21 20:03:55 +00:00
xml encoding/xml: fix token decoder on early EOF 2019-10-30 19:47:52 +00:00
encoding.go