Merge pull request #16 from spyoungtech/fix-stack-overflow

Limit nesting depth by default to guard against stack overflow

Author: spyoungtech

Cargo.toml

@@ -17,6 +17,9 @@ unicode-general-category = { version = "1.0" }
 [features]
 default = ["serde"]
 serde = ["dep:serde"]
+unlimited_depth = []
+
+
 
 [dev-dependencies.serde]
 version = "1.0"
@@ -49,4 +52,5 @@ name = "json5-trailing-comma-formatter"
 test = true
 
 [package.metadata.docs.rs]
-all-features = true
+all-features = true
+

src/parser.rs

@@ -251,12 +251,19 @@ struct JSON5Parser<'toks, 'input> {
     source: &'input str,
     source_tokens: Peekable<Iter<'toks, TokenSpan>>,
     lookahead: Option<&'toks TokenSpan>,
+    current_depth: usize,
+    max_depth: usize,
 }
 
 
 impl<'toks, 'input> JSON5Parser<'toks, 'input> {
     fn new(tokens: &'toks Tokens<'input>) -> Self {
-        JSON5Parser { source_tokens: tokens.tok_spans.iter().peekable(), lookahead: None, source: tokens.source }
+        use crate::utils::MAX_DEPTH;
+        JSON5Parser { source_tokens: tokens.tok_spans.iter().peekable(), lookahead: None, source: tokens.source, current_depth: 0, max_depth: MAX_DEPTH }
+    }
+
+    fn with_max_depth(tokens: &'toks Tokens<'input>, max_depth: usize) -> Self {
+        JSON5Parser { source_tokens: tokens.tok_spans.iter().peekable(), lookahead: None, source: tokens.source, current_depth: 0, max_depth: max_depth }
     }
 
     fn advance(&mut self) -> Option<&'toks TokenSpan> {
@@ -529,7 +536,14 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
 
 
     fn parse_value(&mut self) -> Result<JSONValue<'input>, ParsingError> {
-        self.parse_obj_or_array()
+        self.current_depth = self.current_depth + 1;
+        if self.current_depth > self.max_depth {
+            let idx = self.position();
+            return Err(self.make_error(format!("max depth ({}) exceeded in nested arrays/objects. To expand the depth, use the ``with_max_depth`` constructor or enable the `unlimited_depth` feature", self.max_depth), idx))
+        }
+        let res = self.parse_obj_or_array();
+        self.current_depth = self.current_depth - 1;
+        res
     }
 
     fn parse_text(&mut self) -> Result<JSONText<'input>, ParsingError> {
@@ -606,6 +620,23 @@ mod tests {
         assert!(res.is_err());
     }
 
+    #[cfg(not(feature = "unlimited_depth"))]
+    #[test]
+    fn test_deeply_nested() {
+        let n = 4000;
+        let mut s = String::with_capacity(n * 2);
+        for _ in 0 .. n {
+            s.push('[')
+        }
+        for _ in 0 .. n {
+            s.push(']')
+        }
+        let res = from_str(s.as_str());
+        assert!(res.is_err());
+        assert!(res.unwrap_err().message.contains("max depth"))
+    }
+
+
     #[test]
     fn test_from_bytes() {
         let res = from_bytes(b"{}").unwrap();

src/rt/parser.rs

@@ -334,12 +334,19 @@ struct JSON5Parser<'toks, 'input> {
     source: &'input str,
     source_tokens: Peekable<Iter<'toks, TokenSpan>>,
     lookahead: Option<&'toks TokenSpan>,
+    current_depth: usize,
+    max_depth: usize,
 }
 
 
 impl<'toks, 'input> JSON5Parser<'toks, 'input> {
     fn new(tokens: &'toks Tokens<'input>) -> Self {
-        JSON5Parser { source_tokens: tokens.tok_spans.iter().peekable(), lookahead: None, source: tokens.source }
+        use crate::utils::MAX_DEPTH;
+        JSON5Parser { source_tokens: tokens.tok_spans.iter().peekable(), lookahead: None, source: tokens.source, current_depth: 0, max_depth: MAX_DEPTH }
+    }
+
+    fn with_max_depth(&mut self, tokens: &'toks Tokens<'input>, max_depth: usize) -> Self {
+        JSON5Parser { source_tokens: tokens.tok_spans.iter().peekable(), lookahead: None, source: tokens.source, current_depth: 0, max_depth: max_depth }
     }
 
     fn advance(&mut self) -> Option<&'toks TokenSpan> {
@@ -611,7 +618,6 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
                                 return Err(self.make_error(format!("Unary operations not allowed for value {:?}", val), span.2))
                             }
                         }
-
                         Ok(JSONValue::Unary {operator: UnaryOperator::Plus, value: Box::new(value)})
                     }
                     TokType::Minus => {
@@ -645,7 +651,14 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
 
 
     fn parse_value(&mut self) -> Result<JSONValue, ParsingError> {
-        self.parse_obj_or_array()
+        self.current_depth = self.current_depth + 1;
+        if self.current_depth > self.max_depth {
+            let idx = self.position();
+            return Err(self.make_error(format!("max depth ({}) exceeded in nested arrays/objects. To expand the depth, use the ``with_max_depth`` constructor or enable the `unlimited_depth` feature", self.max_depth), idx))
+        }
+        let res = self.parse_obj_or_array();
+        self.current_depth = self.current_depth - 1;
+        res
     }
 
     fn parse_text(&mut self) -> Result<JSONText, ParsingError> {
@@ -713,6 +726,22 @@ mod tests {
         assert!(res.is_err());
     }
 
+    #[cfg(not(feature = "unlimited_depth"))]
+    #[test]
+    fn test_deeply_nested() {
+        let n = 4000;
+        let mut s = String::with_capacity(n * 2);
+        for _ in 0 .. n {
+            s.push('[')
+        }
+        for _ in 0 .. n {
+            s.push(']')
+        }
+        let res = crate::parser::from_str(s.as_str());
+        assert!(res.is_err());
+        assert!(res.unwrap_err().message.contains("max depth"))
+    }
+
     #[test]
     fn test_foo() {
         let res = from_str("{}").unwrap();

src/utils.rs

@@ -158,4 +158,21 @@ fn char_from_u32(u: u32) -> Result<char, String> {
 
 fn err<S: Into<String>>(message: S) -> String {
     message.into()
-}
+}
+
+
+#[cfg(all(not(feature = "unlimited_depth"), not(target_os = "windows"), debug_assertions))]
+pub (crate) const MAX_DEPTH: usize = 1000;
+
+#[cfg(all(not(feature = "unlimited_depth"), not(target_os = "windows"), not(debug_assertions)))]
+pub (crate) const MAX_DEPTH: usize = 3000;
+
+
+#[cfg(all(not(feature = "unlimited_depth"), target_os = "windows", debug_assertions))]
+pub (crate) const MAX_DEPTH: usize = 700;
+
+#[cfg(all(not(feature = "unlimited_depth"), target_os = "windows", not(debug_assertions)))]
+pub (crate) const MAX_DEPTH: usize = 2000;
+
+#[cfg(feature = "unlimited_depth")]
+pub (crate) const MAX_DEPTH: usize = usize::MAX;