mirror of
https://github.com/python/cpython.git
synced 2025-08-18 07:41:05 +00:00
#12017: Fix segfault in json.loads() while decoding highly-nested objects using the C accelerations.
This commit is contained in:
Ezio Melotti
parent
5ae6c42f52
commit
cec464951e
3 changed files with 48 additions and 4 deletions
|
|
@ -65,3 +65,22 @@ class TestRecursion(TestCase):
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
self.fail("didn't raise ValueError on default recursion")
|
self.fail("didn't raise ValueError on default recursion")
|
||||||
|
|
||||||
|
|
||||||
|
def test_highly_nested_objects(self):
|
||||||
|
# test that loading highly-nested objects doesn't segfault when C
|
||||||
|
# accelerations are used. See #12017
|
||||||
|
# str
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
json.loads('{"a":' * 100000 + '1' + '}' * 100000)
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
json.loads('{"a":' * 100000 + '[1]' + '}' * 100000)
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
json.loads('[' * 100000 + '1' + ']' * 100000)
|
||||||
|
# unicode
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
json.loads(u'{"a":' * 100000 + u'1' + u'}' * 100000)
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
json.loads(u'{"a":' * 100000 + u'[1]' + u'}' * 100000)
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
json.loads(u'[' * 100000 + u'1' + u']' * 100000)
|
||||||
|
|
|
||||||
|
|
@ -358,6 +358,9 @@ Library
|
||||||
Extension Modules
|
Extension Modules
|
||||||
-----------------
|
-----------------
|
||||||
|
|
||||||
|
- Issue #12017: Fix segfault in json.loads() while decoding highly-nested
|
||||||
|
objects using the C accelerations.
|
||||||
|
|
||||||
- Issue #1838: Prevent segfault in ctypes, when _as_parameter_ on a class is set
|
- Issue #1838: Prevent segfault in ctypes, when _as_parameter_ on a class is set
|
||||||
to an instance of the class.
|
to an instance of the class.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1488,6 +1488,7 @@ scan_once_str(PyScannerObject *s, PyObject *pystr, Py_ssize_t idx, Py_ssize_t *n
|
||||||
|
|
||||||
Returns a new PyObject representation of the term.
|
Returns a new PyObject representation of the term.
|
||||||
*/
|
*/
|
||||||
|
PyObject *res;
|
||||||
char *str = PyString_AS_STRING(pystr);
|
char *str = PyString_AS_STRING(pystr);
|
||||||
Py_ssize_t length = PyString_GET_SIZE(pystr);
|
Py_ssize_t length = PyString_GET_SIZE(pystr);
|
||||||
if (idx >= length) {
|
if (idx >= length) {
|
||||||
|
|
@ -1503,10 +1504,20 @@ scan_once_str(PyScannerObject *s, PyObject *pystr, Py_ssize_t idx, Py_ssize_t *n
|
||||||
next_idx_ptr);
|
next_idx_ptr);
|
||||||
case '{':
|
case '{':
|
||||||
/* object */
|
/* object */
|
||||||
return _parse_object_str(s, pystr, idx + 1, next_idx_ptr);
|
if (Py_EnterRecursiveCall(" while decoding a JSON object "
|
||||||
|
"from a byte string"))
|
||||||
|
return NULL;
|
||||||
|
res = _parse_object_str(s, pystr, idx + 1, next_idx_ptr);
|
||||||
|
Py_LeaveRecursiveCall();
|
||||||
|
return res;
|
||||||
case '[':
|
case '[':
|
||||||
/* array */
|
/* array */
|
||||||
return _parse_array_str(s, pystr, idx + 1, next_idx_ptr);
|
if (Py_EnterRecursiveCall(" while decoding a JSON array "
|
||||||
|
"from a byte string"))
|
||||||
|
return NULL;
|
||||||
|
res = _parse_array_str(s, pystr, idx + 1, next_idx_ptr);
|
||||||
|
Py_LeaveRecursiveCall();
|
||||||
|
return res;
|
||||||
case 'n':
|
case 'n':
|
||||||
/* null */
|
/* null */
|
||||||
if ((idx + 3 < length) && str[idx + 1] == 'u' && str[idx + 2] == 'l' && str[idx + 3] == 'l') {
|
if ((idx + 3 < length) && str[idx + 1] == 'u' && str[idx + 2] == 'l' && str[idx + 3] == 'l') {
|
||||||
|
|
@ -1564,6 +1575,7 @@ scan_once_unicode(PyScannerObject *s, PyObject *pystr, Py_ssize_t idx, Py_ssize_
|
||||||
|
|
||||||
Returns a new PyObject representation of the term.
|
Returns a new PyObject representation of the term.
|
||||||
*/
|
*/
|
||||||
|
PyObject *res;
|
||||||
Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
|
Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
|
||||||
Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
|
Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
|
||||||
if (idx >= length) {
|
if (idx >= length) {
|
||||||
|
|
@ -1578,10 +1590,20 @@ scan_once_unicode(PyScannerObject *s, PyObject *pystr, Py_ssize_t idx, Py_ssize_
|
||||||
next_idx_ptr);
|
next_idx_ptr);
|
||||||
case '{':
|
case '{':
|
||||||
/* object */
|
/* object */
|
||||||
return _parse_object_unicode(s, pystr, idx + 1, next_idx_ptr);
|
if (Py_EnterRecursiveCall(" while decoding a JSON object "
|
||||||
|
"from a unicode string"))
|
||||||
|
return NULL;
|
||||||
|
res = _parse_object_unicode(s, pystr, idx + 1, next_idx_ptr);
|
||||||
|
Py_LeaveRecursiveCall();
|
||||||
|
return res;
|
||||||
case '[':
|
case '[':
|
||||||
/* array */
|
/* array */
|
||||||
return _parse_array_unicode(s, pystr, idx + 1, next_idx_ptr);
|
if (Py_EnterRecursiveCall(" while decoding a JSON array "
|
||||||
|
"from a unicode string"))
|
||||||
|
return NULL;
|
||||||
|
res = _parse_array_unicode(s, pystr, idx + 1, next_idx_ptr);
|
||||||
|
Py_LeaveRecursiveCall();
|
||||||
|
return res;
|
||||||
case 'n':
|
case 'n':
|
||||||
/* null */
|
/* null */
|
||||||
if ((idx + 3 < length) && str[idx + 1] == 'u' && str[idx + 2] == 'l' && str[idx + 3] == 'l') {
|
if ((idx + 3 < length) && str[idx + 1] == 'u' && str[idx + 2] == 'l' && str[idx + 3] == 'l') {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue