Calling JsonPointer.compile(...) on very deeply nested expression throws StackOverflowError #818

Closed
cowtowncoder opened this issue Oct 2, 2022 · 1 comment
Labels: 2.14 (Issue planned (at earliest) for 2.14), oss-fuzz (Issue uncovered by oss-fuzz fuzzer)

@cowtowncoder
Member

(note: found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51806)

When trying to compile JsonPointer expressions with thousands (on my machine, 6000 or more) of path segments, a StackOverflowError is thrown, as the parser uses a simple recursive technique. This should be prevented by, for example:

  1. Imposing maximum depth (1000?) and simply failing cleanly
  2. Rewriting method to use iterative+stack approach to increase limit to be relative to heap space size (million(s) of segments).

Note: this does not appear to be something straightforward for malicious actors to use, since JsonPointer instances are not typically read from untrusted content. Although, as with anything else, there may be specific individual cases where this could be a vector.

cowtowncoder added the 2.14 (Issue planned (at earliest) for 2.14) and oss-fuzz (Issue uncovered by oss-fuzz fuzzer) labels Oct 2, 2022
cowtowncoder added a commit that referenced this issue Oct 3, 2022
cowtowncoder added this to the 2.14.0 milestone Oct 5, 2022
@cowtowncoder
Member Author

Rewrite decoder/parser to use explicit stack instead of recursive calls, resolving the SO issue.
Will be in 2.14.0-rc2 and final 2.14.0; no plans to backport.

pjfanning changed the title from "Calling JsonPointer.compile(...) on very deeply nested expression throws StackOverflowErrror" to "Calling JsonPointer.compile(...) on very deeply nested expression throws StackOverflowError" Feb 22, 2023
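
The two mitigations discussed in this thread (a segment limit that fails cleanly, and a loop in place of recursion), as an added Java example that is not Jackson's implementation or code from the issue. The class `PointerParseDemo`, its methods and the `MAX_SEGMENTS` value are hypothetical, and it assumes Java 16+ for `record`.

```java
import java.util.ArrayList;
import java.util.List;
// Added illustration, not Jackson's code: class and method names are hypothetical.
public class PointerParseDemo {
    /** Immutable linked segment, similar in shape to a head/tail pointer chain. */
    record Segment(String name, Segment next) {}
    static final int MAX_SEGMENTS = 1000; // option 1 from the issue; the value is an assumption

    /** Splits an RFC 6901 pointer with a loop, so depth costs heap, not call stack. */
    static List<String> split(String expr, int maxSegments) {
        List<String> names = new ArrayList<>();
        if (expr.isEmpty()) return names;            // "" addresses the whole document
        if (expr.charAt(0) != '/') {
            throw new IllegalArgumentException("pointer must start with '/'");
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 1; i <= expr.length(); i++) {
            char c = (i < expr.length()) ? expr.charAt(i) : '/'; // sentinel closes last segment
            if (c == '/') {
                if (names.size() >= maxSegments) {   // fail cleanly instead of exhausting memory
                    throw new IllegalArgumentException("more than " + maxSegments + " segments");
                }
                names.add(sb.toString());
                sb.setLength(0);
            } else if (c == '~' && i + 1 < expr.length()
                    && (expr.charAt(i + 1) == '0' || expr.charAt(i + 1) == '1')) {
                sb.append(expr.charAt(++i) == '0' ? '~' : '/'); // ~0 -> '~', ~1 -> '/'
            } else {
                sb.append(c);                        // a lone '~' is kept literally (lenient)
            }
        }
        return names;
    }

    /** Links segments tail-first, again without recursion. */
    static Segment link(List<String> names) {
        Segment tail = null;
        for (int i = names.size() - 1; i >= 0; i--) tail = new Segment(names.get(i), tail);
        return tail;
    }

    public static void main(String[] args) {
        String deep = "/a".repeat(100_000);          // constructed input, far past ~6000 segments
        System.out.println(split(deep, Integer.MAX_VALUE).size());
        System.out.println(link(split("/a~1b/m~0n", MAX_SEGMENTS)));
        try { split(deep, MAX_SEGMENTS); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Only the two-segment chain is printed because a record's generated `toString()` recurses through `next`; any traversal of a long chain needs a loop for the same reason the parser does.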