From 72e5c734193a3fbc100459e4c84afaeb84cd76e7 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt
Date: Sun, 1 May 2022 09:34:17 -0400
Subject: Limit parser depth for json parser
---
 libqpdf/JSON.cc | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'libqpdf')
diff --git a/libqpdf/JSON.cc b/libqpdf/JSON.cc
index 407e4a64..44106688 100644
--- a/libqpdf/JSON.cc
+++ b/libqpdf/JSON.cc
@@ -1057,6 +1057,11 @@ JSONParser::handleToken()
 stack.push_back(item);
 }
 }
+ if (ps_stack.size() > 500) {
+ throw std::runtime_error(
+ "JSON: offset " + QUtil::int_to_string(p - cstr) +
+ ": maximum object depth exceeded");
+ }
 parser_state = next_state;
 tok_start = nullptr;
 tok_end = nullptr;
-- cgit v1.2.3-54-g00ecf
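Review bot: The nesting bound in `if (ps_stack.size() > 500)` is a bare literal with no comment saying what it protects or why 500 was chosen, so a later maintainer cannot tell whether it is safe to raise. I would hoist it into a named constant, e.g. `static size_t const max_json_depth = 500;`, with a comment such as `// Bound nesting of untrusted JSON input so deeply nested documents are rejected with an error instead of exhausting memory or stack later.` The guard also runs after the `stack.push_back(item)` shown in the context, so the offending level has already been stored when the exception is thrown; presumably the stacks are discarded with the parser, but that is worth confirming because where `ps_stack` grows is outside this hunk. The commit carries no test; one input nested just under the limit and one just over it would pin the boundary and the error message. The body of `JSONParser::handleToken()` starts and ends outside the hunk.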