Merge pull request #235 from akx/depth-limit

Add optional compile-time depth limit for reader

Author: ibireme

CMakeLists.txt

@@ -44,6 +44,7 @@ option(YYJSON_DISABLE_FAST_FP_CONV "Disable custom floating-point number convers
 option(YYJSON_DISABLE_NON_STANDARD "Disable non-standard JSON support" OFF)
 option(YYJSON_DISABLE_UTF8_VALIDATION "Disable UTF-8 validation" OFF)
 option(YYJSON_DISABLE_UNALIGNED_MEMORY_ACCESS "Disable unaligned memory access explicit" OFF)
+option(YYJSON_READER_DEPTH_LIMIT "Set a depth limit for reading nested objects/arrays, 0 for unlimited" 0)
 
 if(YYJSON_DISABLE_READER)
     add_definitions(-DYYJSON_DISABLE_READER)
@@ -69,7 +70,9 @@ endif()
 if(YYJSON_DISABLE_UNALIGNED_MEMORY_ACCESS)
     add_definitions(-DYYJSON_DISABLE_UNALIGNED_MEMORY_ACCESS)
 endif()
-
+if(YYJSON_READER_DEPTH_LIMIT GREATER 0)
+    add_definitions(-DYYJSON_READER_DEPTH_LIMIT=${YYJSON_READER_DEPTH_LIMIT})
+endif()
 
 
 # ------------------------------------------------------------------------------
@@ -528,6 +531,13 @@ if(YYJSON_BUILD_MISC)
     if(XCODE)
         set_default_xcode_property(make_tables)
     endif()
+
+    # depth-limit experiment; only does anything if YYJSON_READER_DEPTH_LIMIT is set
+    add_executable(experiment_depth_limit "misc/experiment_depth_limit.c")
+    target_link_libraries(experiment_depth_limit PRIVATE yyjson)
+    if(XCODE)
+        set_default_xcode_property(experiment_depth_limit)
+    endif()
 endif()
 
 

misc/experiment_depth_limit.c

@@ -0,0 +1,65 @@
+#include "yyjson.h"
+
+#if YYJSON_READER_DEPTH_LIMIT
+static void make_nested_json_arrays(char *json, int depth)
+{
+    char *jsonp = json;
+    for (int i = 0; i < depth; i++) {
+        *jsonp++ = '[';
+    }
+    *jsonp++ = '8';
+    for (int i = 0; i < depth; i++) {
+        *jsonp++ = ']';
+    }
+    *jsonp = 0;
+}
+static void make_nested_json_objects(char *json, int depth)
+{
+    char *jsonp = json;
+    for (int i = 0; i < depth; i++) {
+        *jsonp++ = '{';
+        *jsonp++ = '"';
+        *jsonp++ = 'a' + i % 26;
+        *jsonp++ = '"';
+        *jsonp++ = ':';
+    }
+    *jsonp++ = '8';
+    for (int i = 0; i < depth; i++) {
+        *jsonp++ = '}';
+    }
+    *jsonp = 0;
+}
+
+static int check_parse(char *json)
+{
+    yyjson_read_err err;
+    yyjson_doc *doc;
+    yyjson_val *val;
+    printf("Parsing: %s, depth limit = %d\n", json, YYJSON_READER_DEPTH_LIMIT);
+    doc = yyjson_read_opts(json, strlen(json), 0, NULL, &err);
+    yyjson_doc_free(doc);
+    printf("=> Error code: %d\n", err.code);
+    if (err.code != YYJSON_READ_ERROR_DEPTH)
+    {
+        printf("Expected depth error, but didn't get one!");
+        return 1;
+    }
+    return 0;
+}
+
+int main()
+{
+    char json[512];
+    make_nested_json_arrays(json, YYJSON_READER_DEPTH_LIMIT + 1);
+    check_parse(json);
+    make_nested_json_objects(json, YYJSON_READER_DEPTH_LIMIT + 1);
+    check_parse(json);
+    return 0;
+}
+#else
+int main()
+{
+    printf("Library not compiled with depth limit support.\n");
+    return 0;
+}
+#endif

src/yyjson.c

@@ -46,6 +46,7 @@
 #   pragma warning(disable:4101) /* unreferenced variable */
 #   pragma warning(disable:4102) /* unreferenced label */
 #   pragma warning(disable:4127) /* conditional expression is constant */
+#   pragma warning(disable:4702) /* unreachable code */
 #   pragma warning(disable:4706) /* assignment within conditional expression */
 #endif
 
@@ -338,8 +339,9 @@ uint32_t yyjson_version(void) {
 #ifndef YYJSON_DISABLE_UTF8_VALIDATION
 #define YYJSON_DISABLE_UTF8_VALIDATION 0
 #endif
-
-
+#ifndef YYJSON_READER_DEPTH_LIMIT
+#define YYJSON_READER_DEPTH_LIMIT 0
+#endif
 
 /*==============================================================================
  * MARK: - Macros (Private)
@@ -438,6 +440,7 @@ uint32_t yyjson_version(void) {
 #define MSG_ERR_UTF8    "invalid utf-8 encoding in string"
 #define MSG_ERR_UTF16   "UTF-16 encoding is not supported"
 #define MSG_ERR_UTF32   "UTF-32 encoding is not supported"
+#define MSG_DEPTH       "depth limit exceeded"
 
 /* U64 constant values */
 #undef  U64_MAX
@@ -5306,6 +5309,7 @@ fail_literal_null:  return_err(cur, LITERAL, MSG_CHAR_N);
 fail_character:     return_err(cur, UNEXPECTED_CHARACTER, MSG_CHAR);
 fail_comment:       return_err(cur, INVALID_COMMENT, MSG_COMMENT);
 fail_garbage:       return_err(cur, UNEXPECTED_CONTENT, MSG_GARBAGE);
+fail_depth:         return_err(cur, DEPTH, MSG_DEPTH);
 
 #undef return_err
 }
@@ -5366,6 +5370,10 @@ static_inline yyjson_doc *read_root_minify(u8 *hdr, u8 *cur, u8 *eof,
     u8 *raw_ptr = raw_end;
     u8 **pre = &raw_ptr; /* previous raw end pointer */
 
+#if YYJSON_READER_DEPTH_LIMIT
+    u32 container_depth = 0; /* current array/object depth */
+#endif
+
     dat_len = has_flg(STOP_WHEN_DONE) ? 256 : (usize)(eof - cur);
     hdr_len = sizeof(yyjson_doc) / sizeof(yyjson_val);
     hdr_len += (sizeof(yyjson_doc) % sizeof(yyjson_val)) > 0;
@@ -5391,6 +5399,12 @@ static_inline yyjson_doc *read_root_minify(u8 *hdr, u8 *cur, u8 *eof,
     }
 
 arr_begin:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth++;
+    if (unlikely(container_depth >= YYJSON_READER_DEPTH_LIMIT)) {
+        goto fail_depth;
+    }
+#endif
     /* save current container */
     ctn->tag = (((u64)ctn_len + 1) << YYJSON_TAG_BIT) |
                (ctn->tag & YYJSON_TAG_MASK);
@@ -5496,6 +5510,9 @@ static_inline yyjson_doc *read_root_minify(u8 *hdr, u8 *cur, u8 *eof,
     goto fail_character_arr_end;
 
 arr_end:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth--;
+#endif
     /* get parent container */
     ctn_parent = (yyjson_val *)(void *)((u8 *)ctn - ctn->uni.ofs);
 
@@ -5514,6 +5531,12 @@ static_inline yyjson_doc *read_root_minify(u8 *hdr, u8 *cur, u8 *eof,
     }
 
 obj_begin:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth++;
+    if (unlikely(container_depth >= YYJSON_READER_DEPTH_LIMIT)) {
+        goto fail_depth;
+    }
+#endif
     /* push container */
     ctn->tag = (((u64)ctn_len + 1) << YYJSON_TAG_BIT) |
                (ctn->tag & YYJSON_TAG_MASK);
@@ -5660,6 +5683,9 @@ static_inline yyjson_doc *read_root_minify(u8 *hdr, u8 *cur, u8 *eof,
     goto fail_character_obj_end;
 
 obj_end:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth--;
+#endif
     /* pop container */
     ctn_parent = (yyjson_val *)(void *)((u8 *)ctn - ctn->uni.ofs);
     /* point to the next value */
@@ -5709,6 +5735,7 @@ fail_character_obj_sep: return_err(cur, UNEXPECTED_CHARACTER, MSG_OBJ_SEP);
 fail_character_obj_end: return_err(cur, UNEXPECTED_CHARACTER, MSG_OBJ_END);
 fail_comment:           return_err(cur, INVALID_COMMENT, MSG_COMMENT);
 fail_garbage:           return_err(cur, UNEXPECTED_CONTENT, MSG_GARBAGE);
+fail_depth:             return_err(cur, DEPTH, MSG_DEPTH);
 
 #undef val_incr
 #undef return_err
@@ -5769,6 +5796,9 @@ static_inline yyjson_doc *read_root_pretty(u8 *hdr, u8 *cur, u8 *eof,
     u8 raw_end[1]; /* raw end for null-terminator */
     u8 *raw_ptr = raw_end;
     u8 **pre = &raw_ptr; /* previous raw end pointer */
+#if YYJSON_READER_DEPTH_LIMIT
+    u32 container_depth = 0; /* current array/object depth */
+#endif
 
     dat_len = has_flg(STOP_WHEN_DONE) ? 256 : (usize)(eof - cur);
     hdr_len = sizeof(yyjson_doc) / sizeof(yyjson_val);
@@ -5797,6 +5827,13 @@ static_inline yyjson_doc *read_root_pretty(u8 *hdr, u8 *cur, u8 *eof,
     }
 
 arr_begin:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth++;
+    if (unlikely(container_depth >= YYJSON_READER_DEPTH_LIMIT)) {
+        goto fail_depth;
+    }
+#endif
+
     /* save current container */
     ctn->tag = (((u64)ctn_len + 1) << YYJSON_TAG_BIT) |
                (ctn->tag & YYJSON_TAG_MASK);
@@ -5919,6 +5956,9 @@ static_inline yyjson_doc *read_root_pretty(u8 *hdr, u8 *cur, u8 *eof,
     goto fail_character_arr_end;
 
 arr_end:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth--;
+#endif
     /* get parent container */
     ctn_parent = (yyjson_val *)(void *)((u8 *)ctn - ctn->uni.ofs);
 
@@ -5938,6 +5978,13 @@ static_inline yyjson_doc *read_root_pretty(u8 *hdr, u8 *cur, u8 *eof,
     }
 
 obj_begin:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth++;
+    if (unlikely(container_depth >= YYJSON_READER_DEPTH_LIMIT)) {
+        goto fail_depth;
+    }
+#endif
+
     /* push container */
     ctn->tag = (((u64)ctn_len + 1) << YYJSON_TAG_BIT) |
                (ctn->tag & YYJSON_TAG_MASK);
@@ -6104,6 +6151,10 @@ static_inline yyjson_doc *read_root_pretty(u8 *hdr, u8 *cur, u8 *eof,
     goto fail_character_obj_end;
 
 obj_end:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth--;
+#endif
+
     /* pop container */
     ctn_parent = (yyjson_val *)(void *)((u8 *)ctn - ctn->uni.ofs);
     /* point to the next value */
@@ -6154,6 +6205,7 @@ fail_character_obj_sep: return_err(cur, UNEXPECTED_CHARACTER, MSG_OBJ_SEP);
 fail_character_obj_end: return_err(cur, UNEXPECTED_CHARACTER, MSG_OBJ_END);
 fail_comment:           return_err(cur, INVALID_COMMENT, MSG_COMMENT);
 fail_garbage:           return_err(cur, UNEXPECTED_CONTENT, MSG_GARBAGE);
+fail_depth:             return_err(cur, DEPTH, MSG_DEPTH);
 
 #undef val_incr
 #undef return_err
@@ -6612,6 +6664,10 @@ yyjson_doc *yyjson_incr_read(yyjson_incr_state *state, size_t len,
     u8 **con = NULL; /* for incremental string parsing */
     u8 saved_end = '\0'; /* saved end char */
 
+#if YYJSON_READER_DEPTH_LIMIT
+    u32 container_depth = 0; /* current array/object depth */
+#endif
+
     /* validate input parameters */
     if (!err) err = &tmp_err;
     if (unlikely(!state)) {
@@ -6733,6 +6789,13 @@ yyjson_doc *yyjson_incr_read(yyjson_incr_state *state, size_t len,
     return_err(cur, UNEXPECTED_CHARACTER, msg);
 
 arr_begin:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth++;
+    if (unlikely(container_depth >= YYJSON_READER_DEPTH_LIMIT)) {
+        goto fail_depth;
+    }
+#endif
+
     /* save current container */
     ctn->tag = (((u64)ctn_len + 1) << YYJSON_TAG_BIT) |
                (ctn->tag & YYJSON_TAG_MASK);
@@ -6822,6 +6885,9 @@ yyjson_doc *yyjson_incr_read(yyjson_incr_state *state, size_t len,
     goto fail_character_arr_end;
 
 arr_end:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth--;
+#endif
     /* get parent container */
     ctn_parent = (yyjson_val *)(void *)((u8 *)ctn - ctn->uni.ofs);
 
@@ -6840,6 +6906,13 @@ yyjson_doc *yyjson_incr_read(yyjson_incr_state *state, size_t len,
     }
 
 obj_begin:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth++;
+    if (unlikely(container_depth >= YYJSON_READER_DEPTH_LIMIT)) {
+        goto fail_depth;
+    }
+#endif
+
     /* push container */
     ctn->tag = (((u64)ctn_len + 1) << YYJSON_TAG_BIT) |
                (ctn->tag & YYJSON_TAG_MASK);
@@ -6954,6 +7027,10 @@ yyjson_doc *yyjson_incr_read(yyjson_incr_state *state, size_t len,
     goto fail_character_obj_end;
 
 obj_end:
+#if YYJSON_READER_DEPTH_LIMIT
+    container_depth--;
+#endif
+
     /* pop container */
     ctn_parent = (yyjson_val *)(void *)((u8 *)ctn - ctn->uni.ofs);
     /* point to the next value */
@@ -7020,6 +7097,7 @@ fail_character_obj_key: return_err(cur, UNEXPECTED_CHARACTER, MSG_OBJ_KEY);
 fail_character_obj_sep: return_err(cur, UNEXPECTED_CHARACTER, MSG_OBJ_SEP);
 fail_character_obj_end: return_err(cur, UNEXPECTED_CHARACTER, MSG_OBJ_END);
 fail_garbage:           return_err(cur, UNEXPECTED_CONTENT, MSG_GARBAGE);
+fail_depth:             return_err(cur, DEPTH, MSG_DEPTH);
 
 #undef val_incr
 #undef return_err

src/yyjson.h

@@ -142,6 +142,9 @@
 #ifndef YYJSON_HAS_STDBOOL_H
 #endif
 
+/* Define to an integer to set a depth limit for containers (arrays, objects). */
+#ifndef YYJSON_READER_DEPTH_LIMIT
+#endif
 
 
 /*==============================================================================
@@ -875,6 +878,9 @@ static const yyjson_read_code YYJSON_READ_ERROR_FILE_READ               = 13;
 /** Incomplete input during incremental parsing; parsing state is preserved. */
 static const yyjson_read_code YYJSON_READ_ERROR_MORE                    = 14;
 
+/** Read depth limit exceeded. */
+static const yyjson_read_code YYJSON_READ_ERROR_DEPTH                   = 15;
+
 /** Error information for JSON reader. */
 typedef struct yyjson_read_err {
     /** Error code, see `yyjson_read_code` for all possible values. */