BigfootDev/flatbuffers
1
0
Fork 1
mirror of https://github.com/google/flatbuffers.git synced 2026-06-06 13:37:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Protected parser against infinite recursion.

Browse Source 
Will error-out after e.g. 64 levels of nested JSON tables.

Change-Id: I3ab66cdd509378bfab87b85f85c07ab42aded788
Tested: on Linux.
This commit is contained in:
Wouter van Oortmerssen
2018-06-14 16:17:19 -07:00
parent f9c64891dd
commit 7330436713
2 changed files with 33 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
include/flatbuffers/idl.h
View File

@@ -525,7 +525,8 @@ class Parser : public ParserState {
opts(options),
uses_flexbuffers_(false),
source_(nullptr),
anonymous_counter(0) {
anonymous_counter(0),
recurse_protection_counter(0) {
// Start out with the empty namespace being current.
empty_namespace_ = new Namespace();
namespaces_.push_back(empty_namespace_);
@@ -704,6 +705,15 @@ class Parser : public ParserState {
bool SupportsVectorOfUnions() const;
Namespace *UniqueNamespace(Namespace *ns);
enum { kMaxParsingDepth = 64 };
FLATBUFFERS_CHECKED_ERROR RecurseError();
template<typename F> CheckedError Recurse(F f) {
if (++recurse_protection_counter >= kMaxParsingDepth) return RecurseError();
auto ce = f();
recurse_protection_counter--;
return ce;
}
public:
SymbolTable<Type> types_;
SymbolTable<StructDef> structs_;
@@ -736,6 +746,7 @@ class Parser : public ParserState {
std::vector<std::pair<Value, FieldDef *>> field_stack_;
int anonymous_counter;
int recurse_protection_counter;
};
// Utility functions for multiple generators: