Eric Blake <ebl...@redhat.com> writes: > On 10/29/2015 06:44 AM, Markus Armbruster wrote: >> This would have prevented the regression mentioned in the previous >> commit. >> >> Signed-off-by: Markus Armbruster <arm...@redhat.com> >> --- >> tests/check-qjson.c | 29 +++++++++++++++++++++++++++++ >> 1 file changed, 29 insertions(+) > > Better late than never. > >> +++ b/tests/check-qjson.c >> @@ -1484,6 +1484,34 @@ static void unterminated_literal(void) >> g_assert(obj == NULL); >> } >> >> +static char *make_nest(char *buf, size_t cnt) >> +{ >> + int i; >> + >> + for (i = 0; i < cnt - 1; i++) { >> + buf[i] = '['; >> + buf[2 * cnt - i - 1] = ']'; >> + } >> + buf[cnt - 1] = '{'; >> + buf[cnt] = '}'; >> + buf[2 * cnt] = 0; >> + return buf; >> +} > > So buf must be at least 2*cnt+1 bytes long. (Function is static, so > lack of comments don't hurt too badly). For a cnt of 3 (buffer size at > least 7), this creates "[[{}]]". Larger cnt adds more outer [] pairs. > The mixed content proves that patch 1/4 covers the combined limit of [] > and {} when counting nesting. > > Minor optimization - make the for loop bound be 'i < cnt - 2', so you > aren't writing [] in the middle just to rewrite it to {} after the loop > (works as long as caller never passes cnt == 1, which happens to be the > case).
The loop's first assignment fills 0..cnt-2 inclusive, the second one fills 2*cnt-1..(2*cnt-1)-(cnt-2) = 2*cnt-1..cnt+1 inclusive. If I need to respin, I'll change to a pair of memset(). >> +static void limits_nesting(void) >> +{ >> + enum { max_nesting = 1024 }; /* see qobject/json-streamer.c */ >> + char buf[2 * (max_nesting + 1) + 1]; >> + QObject *obj; >> + >> + obj = qobject_from_json(make_nest(buf, max_nesting)); >> + g_assert(obj != NULL); >> + qobject_decref(obj); > > Proves that we can hit our max, > >> + >> + obj = qobject_from_json(make_nest(buf, max_nesting + 1)); >> + g_assert(obj == NULL); > > and that we gracefully diagnose one beyond max. > >> +} >> + >> int main(int argc, char **argv) >> { >> g_test_init(&argc, &argv, NULL); >> @@ -1519,6 +1547,7 @@ int main(int argc, char **argv) >> g_test_add_func("/errors/invalid_array_comma", invalid_array_comma); >> g_test_add_func("/errors/invalid_dict_comma", invalid_dict_comma); >> g_test_add_func("/errors/unterminated/literal", unterminated_literal); >> + g_test_add_func("/errors/limits/nesting", limits_nesting); >> >> return g_test_run(); >> } >> > > Reviewed-by: Eric Blake <ebl...@redhat.com>