diff options
author | Mark Pulford <mark@kyne.com.au> | 2012-01-12 19:27:18 +1030 |
---|---|---|
committer | Mark Pulford <mark@kyne.com.au> | 2012-03-04 18:54:34 +1030 |
commit | 5e36beccab38fa40b2c324c9339bbd5f1a3f24e3 (patch) | |
tree | 28ee3145a3c4e472c6b5bcdae574444a95aba479 /manual.txt | |
parent | d4f438965e41660bd0beda772ba3d3b96a492571 (diff) | |
download | lua-cjson-5e36beccab38fa40b2c324c9339bbd5f1a3f24e3.tar.gz lua-cjson-5e36beccab38fa40b2c324c9339bbd5f1a3f24e3.tar.bz2 lua-cjson-5e36beccab38fa40b2c324c9339bbd5f1a3f24e3.zip |
Add configurable decode nesting limit
Lua 5.2 is able to extend the Lua stack much further than earlier
versions. Recent testing shows it is possible for Lua CJSON to hit the
process stack limit and segfault. Add a configurable JSON object/array
nesting limit to prevent running out of process stack space.
The current limit is 20 (same as encode).
Add decode_max_depth() configuration function.
Diffstat (limited to 'manual.txt')
-rw-r--r-- | manual.txt | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -158,6 +158,7 @@ setting = cjson.refuse_invalid_numbers([setting]) | |||
158 | depth = cjson.encode_max_depth([depth]) | 158 | depth = cjson.encode_max_depth([depth]) |
159 | convert, ratio, safe = cjson.encode_sparse_array([convert[, ratio[, safe]]]) | 159 | convert, ratio, safe = cjson.encode_sparse_array([convert[, ratio[, safe]]]) |
160 | keep = cjson.encode_keep_buffer([keep]) | 160 | keep = cjson.encode_keep_buffer([keep]) |
161 | depth = cjson.decode_max_depth([depth]) | ||
161 | ------------ | 162 | ------------ |
162 | 163 | ||
163 | 164 | ||
@@ -239,6 +240,31 @@ numeric key will be stored as a Lua +string+. Any code assuming type | |||
239 | +number+ may break. | 240 | +number+ may break. |
240 | 241 | ||
241 | 242 | ||
243 | [[decode_max_depth]] | ||
244 | decode_max_depth | ||
245 | ~~~~~~~~~~~~~~~~ | ||
246 | |||
247 | [source,lua] | ||
248 | ------------ | ||
249 | depth = cjson.decode_max_depth([depth]) | ||
250 | -- "depth" must be a positive integer | ||
251 | ------------ | ||
252 | |||
253 | By default, Lua CJSON will reject JSON with arrays and/or objects | ||
254 | nested more than 20 deep. | ||
255 | |||
256 | This setting is only changed when an argument is provided. The current | ||
257 | setting is always returned. | ||
258 | |||
259 | When the maximum array/object depth is exceeded Lua CJSON will throw | ||
260 | an error. An error may be thrown before the depth limit is hit if Lua | ||
261 | is unable to allocate more objects on the Lua stack. | ||
262 | |||
263 | This check prevents unnecessarily complicated JSON from slowing down | ||
264 | the application, or crashing the application due to lack of process | ||
265 | stack space. | ||
266 | |||
267 | |||
242 | encode | 268 | encode |
243 | ~~~~~~ | 269 | ~~~~~~ |
244 | 270 | ||