author | Jay Berkenbilt <ejb@ql.org> | 2022-05-01 15:34:17 +0200 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2022-05-01 18:56:22 +0200 |
commit | 72e5c734193a3fbc100459e4c84afaeb84cd76e7 (patch) | |
tree | 2ac7fddc53b2cdb529289ee7bff6ed79fd59a3dd /libqpdf | |
parent | e34dbbfa18ab4753f9637920719e683ba3037fcf (diff) | |
Limit parser depth for json parser
Diffstat (limited to 'libqpdf')
-rw-r--r-- | libqpdf/JSON.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libqpdf/JSON.cc b/libqpdf/JSON.cc
index 407e4a64..44106688 100644
--- a/libqpdf/JSON.cc
+++ b/libqpdf/JSON.cc
@@ -1057,6 +1057,11 @@ JSONParser::handleToken()
 stack.push_back(item);
 }
 }
+ if (ps_stack.size() > 500) {
+ throw std::runtime_error(
+ "JSON: offset " + QUtil::int_to_string(p - cstr) +
+ ": maximum object depth exceeded");
+ }
 parser_state = next_state;
 tok_start = nullptr;
 tok_end = nullptr; |
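Review bot: The depth limit in the added `if (ps_stack.size() > 500)` check is a bare literal with no explanation, so a later reader cannot tell what it protects against or whether it is safe to raise. I would give it a name, for example `static constexpr size_t max_nesting_depth = 500;`, and compare against that. A one-line comment should say that the cap bounds nesting in untrusted JSON, so that a deeply nested document cannot drive unbounded growth of the parser state or deep recursion in later traversal. The message says "object depth", but ps_stack presumably grows for arrays as well, so "nesting depth" may be more accurate; confirm against the push sites, which are outside this hunk. handleToken() begins and ends outside the hunk, so I cannot see whether the check runs on every path that pushes onto ps_stack. A regression test with input nested just under and just over the limit would pin the behaviour.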