Auto merge of #1313 - bitcartel:zc.v0.11.2.z9_1122, r=ebfull
Fixes #1122, where json_spirit could overflow the stack. See #1122 for details.
commit
6731665a12
|
@ -5,6 +5,7 @@ bin_PROGRAMS += zcash-gtest
|
||||||
zcash_gtest_SOURCES = \
|
zcash_gtest_SOURCES = \
|
||||||
gtest/main.cpp \
|
gtest/main.cpp \
|
||||||
gtest/json_test_vectors.cpp \
|
gtest/json_test_vectors.cpp \
|
||||||
|
gtest/test_jsonspirit.cpp \
|
||||||
gtest/test_tautology.cpp \
|
gtest/test_tautology.cpp \
|
||||||
gtest/test_checktransaction.cpp \
|
gtest/test_checktransaction.cpp \
|
||||||
gtest/test_equihash.cpp \
|
gtest/test_equihash.cpp \
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
#include <gtest/gtest.h>
|
||||||
|
|
||||||
|
#include "json/json_spirit_reader_template.h"
|
||||||
|
|
||||||
|
using namespace json_spirit;
|
||||||
|
|
||||||
|
// This test checks if we have fixed a stack overflow problem with json_spirit.
|
||||||
|
// It was possible to try and create an unlimited number of nested compound elements.
|
||||||
|
// Without the fix in json_spirit_reader_template.h, this test will segfault.
|
||||||
|
TEST(json_spirit_tests, nested_input_segfault) {
|
||||||
|
std::vector<char> v (100000);
|
||||||
|
std::fill (v.begin(),v.end(), '[');
|
||||||
|
std::string s(v.begin(), v.end());
|
||||||
|
Value value;
|
||||||
|
bool b = json_spirit::read_string(s, value);
|
||||||
|
ASSERT_FALSE(b);
|
||||||
|
}
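Review bot: nested_input_segfault only feeds 100000 `[` characters, so it shows the crash is gone but does not pin the limit itself or cover object nesting. A shallow well-formed input should still parse, e.g. `ASSERT_TRUE(json_spirit::read_string(std::string("[[[[]]]]"), value));`, and a second over-deep input built from nested `{"a":` prefixes would confirm the object path is bounded the same way. The input can be built in one line with `std::string s(100000, '[');` instead of the vector and `std::fill`. The file uses `std::vector`, `std::fill` and `std::string` without including `<vector>`, `<algorithm>` or `<string>`, so it presumably relies on the json_spirit header pulling them in.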
|
|
@ -308,6 +308,12 @@ namespace json_spirit
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
// ZCASH: Prevent potential stack overflow by setting a limit on the number of nested compound elements
|
||||||
|
if (stack_.size() > 128) {
|
||||||
|
throw std::domain_error("too many nested elements");
|
||||||
|
}
|
||||||
|
// ENDZCASH
|
||||||
|
|
||||||
stack_.push_back( current_p_ );
|
stack_.push_back( current_p_ );
|
||||||
|
|
||||||
Array_or_obj new_array_or_obj; // avoid copy by building new array or object in place
|
Array_or_obj new_array_or_obj; // avoid copy by building new array or object in place
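Review bot: The bound is a bare `128` compared with `>`, and the check runs before `stack_.push_back( current_p_ )`, so the stack can still reach 129 entries and the accepted depth is not the number written in the code. A named constant with a comment stating the maximum accepted depth would make the limit auditable, for example a new `MAX_NESTING_DEPTH` used as `if (stack_.size() >= MAX_NESTING_DEPTH) {`. `std::domain_error` needs `<stdexcept>`, and the hunk does not show whether this header includes it. The enclosing function starts and ends outside the hunk, so it is not visible here whether every reader entry point turns this exception into an ordinary parse failure; callers of any throwing variant may need to handle `std::domain_error` explicitly.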
|
||||||
|
|