Commit 7fca1330 authored by Alexey Botchkov's avatar Alexey Botchkov

MDEV-11463 Server crashes in mark_array upon JSON_VALID.

        The depth of nested arrays should be controlled, as it's limited.
parent edc75c9c
......@@ -10,6 +10,9 @@ json_valid('{"key1":1, "key2":[2,3]}')
select json_valid('[false, true, null]');
json_valid('[false, true, null]')
1
select json_valid(repeat('[', 1000));
json_valid(repeat('[', 1000))
0
select json_value('{"key1":123}', '$.key2');
json_value('{"key1":123}', '$.key2')
NULL
......
......@@ -2,6 +2,7 @@ select json_valid('[1, 2]');
select json_valid('"string"}');
select json_valid('{"key1":1, "key2":[2,3]}');
select json_valid('[false, true, null]');
select json_valid(repeat('[', 1000));
select json_value('{"key1":123}', '$.key2');
select json_value('{"key1":123}', '$.key1');
......
......@@ -126,8 +126,13 @@ static int syntax_error(json_engine_t *j)
static int mark_object(json_engine_t *j)
{
j->state= JST_OBJ_START;
*(++j->stack_p)= JST_OBJ_CONT;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_OBJ_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
......@@ -137,8 +142,13 @@ static int read_obj(json_engine_t *j)
j->state= JST_OBJ_START;
j->value_type= JSON_VALUE_OBJECT;
j->value= j->value_begin;
*(++j->stack_p)= JST_OBJ_CONT;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_OBJ_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
......@@ -146,9 +156,14 @@ static int read_obj(json_engine_t *j)
static int mark_array(json_engine_t *j)
{
j->state= JST_ARRAY_START;
*(++j->stack_p)= JST_ARRAY_CONT;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_ARRAY_CONT;
j->value= j->value_begin;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
/* Read value of object. */
......@@ -157,8 +172,13 @@ static int read_array(json_engine_t *j)
j->state= JST_ARRAY_START;
j->value_type= JSON_VALUE_ARRAY;
j->value= j->value_begin;
*(++j->stack_p)= JST_ARRAY_CONT;
if ((++j->stack_p) - j->stack < JSON_DEPTH_LIMIT)
{
*j->stack_p= JST_ARRAY_CONT;
return 0;
}
j->s.error= JE_DEPTH;
return 1;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment