Limit parser depth for json parser

author: Jay Berkenbilt <ejb@ql.org> 2022-05-01 15:34:17 +0200
committer: Jay Berkenbilt <ejb@ql.org> 2022-05-01 18:56:22 +0200
commit: 72e5c734193a3fbc100459e4c84afaeb84cd76e7 (patch)
tree: 2ac7fddc53b2cdb529289ee7bff6ed79fd59a3dd /libqpdf/JSON.cc
parent: e34dbbfa18ab4753f9637920719e683ba3037fcf (diff)
download: qpdf-72e5c734193a3fbc100459e4c84afaeb84cd76e7.tar.zst
1 files changed, 5 insertions, 0 deletions
diff --git a/libqpdf/JSON.cc b/libqpdf/JSON.cc
index 407e4a64..44106688 100644
--- a/libqpdf/JSON.cc
+++ b/libqpdf/JSON.cc
@@ -1057,6 +1057,11 @@ JSONParser::handleToken()
             stack.push_back(item);
         }
     }
+    if (ps_stack.size() > 500) {
+        throw std::runtime_error(
+            "JSON: offset " + QUtil::int_to_string(p - cstr) +
+            ": maximum object depth exceeded");
+    }
     parser_state = next_state;
     tok_start = nullptr;
     tok_end = nullptr;
author	Jay Berkenbilt <ejb@ql.org>	2022-05-01 15:34:17 +0200
committer	Jay Berkenbilt <ejb@ql.org>	2022-05-01 18:56:22 +0200
commit	72e5c734193a3fbc100459e4c84afaeb84cd76e7 (patch)
tree	2ac7fddc53b2cdb529289ee7bff6ed79fd59a3dd /libqpdf/JSON.cc
parent	e34dbbfa18ab4753f9637920719e683ba3037fcf (diff)
download	qpdf-72e5c734193a3fbc100459e4c84afaeb84cd76e7.tar.zst