Improved the verifier to be even more resilient.

Theoretically, an attacker could construct a FlatBuffer with the
sole purpose of making verification really expensive, essentially
DOS-ing a server that uses verification on FlatBuffers. This adds
a max table depth and max table amount at which point the
verifier declares the buffer malformed.

Bug: 16301336
Change-Id: I6b098c31d030d24c19e852b33609110658e66aa9
Tested: on OS X
Wouter van Oortmerssen
2014-08-21 17:00:54 -07:00
parent ffb3dec573
commit 11b743688c
4 changed files with 51 additions and 18 deletions

@@ -188,6 +188,11 @@ a full traversal (since any scalar data is not actually touched),
and since it may cause the buffer to be brought into cache before
reading, the actual overhead may be even lower than expected.
In specialized cases where a denial of service attack is possible,
the verifier has two additional constructor arguments that allow
you to limit the nesting depth and total amount of tables the
verifier may encounter before declaring the buffer malformed.
## Text & schema parsing
Using binary buffers with the generated header provides a super low
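
Review bot: The new paragraph following "the actual overhead may be even lower than expected." refers to "two additional constructor arguments" without naming them, giving their order, or stating their default values, so a reader cannot tell whether a server that constructs the verifier without them gets any limit at all. Suggest naming both arguments, listing their defaults, and saying explicitly that verification fails once either limit is exceeded. Wording nit in the same paragraph: "total amount of tables" reads better as "total number of tables".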