
Commit 3d2aaa5

committed
add depth protection to unary
1 parent 950acfc commit 3d2aaa5

2 files changed

+14
-1
lines changed

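--- a/src/parser.rs
+++ b/src/parser.rs
@@ -494,6 +494,11 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
 match self.check_and_consume(vec![TokType::Plus, TokType::Minus]) {
 None => self.parse_primary(),
 Some(span) => {
+self.current_depth = self.current_depth + 1;
+if self.current_depth > self.max_depth {
+let idx = self.position();
+return Err(self.make_error(format!("max depth ({}) exceeded while parsing unary. To expand the depth, use the ``with_max_depth`` constructor or enable the `unlimited_depth` feature", self.max_depth), idx))
+}
 match span.1 {
 TokType::Plus => {
 let value = self.parse_unary()?;
@@ -503,6 +508,7 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
 return Err(self.make_error(format!("Unary operations not allowed for value {:?}", val), span.2))
 }
 }
+self.current_depth = self.current_depth - 1;
 Ok(JSONValue::Unary {operator: UnaryOperator::Plus, value: Box::new(value)})
 }
 TokType::Minus => {
@@ -513,6 +519,7 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
 return Err(self.make_error(format!("Unary operations not allowed for value {:?}", val), span.2))
 }
 }
+self.current_depth = self.current_depth - 1;
 Ok(JSONValue::Unary {operator: UnaryOperator::Minus, value: Box::new(value)})
 }
 _ => unreachable!("no")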
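Review bot: `current_depth` is restored only on the success path of each arm, so the early returns in between, the `?` on `self.parse_unary()?` and the `Unary operations not allowed` error, leave the counter one level too high for every frame that unwinds. That is harmless if the parser is always discarded after its first error, which these hunks do not show, but a caller that reuses the instance would then get the max-depth error on input that is not deeply nested. Restoring the counter directly after the recursive call covers both arms and both error paths: `let value = self.parse_unary(); self.current_depth -= 1; let value = value?;`. The same pattern appears in the matching hunks of src/rt/parser.rs, and since the commit touches only the two parser files, a regression test asserting that a long run of `+`/`-` prefixes yields this error instead of exhausting the stack would be worth adding. The enclosing function starts and ends outside the hunks.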

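--- a/src/rt/parser.rs
+++ b/src/rt/parser.rs
@@ -609,6 +609,11 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
 match self.check_and_consume(vec![TokType::Plus, TokType::Minus]) {
 None => self.parse_primary(),
 Some(span) => {
+self.current_depth = self.current_depth + 1;
+if self.current_depth > self.max_depth {
+let idx = self.position();
+return Err(self.make_error(format!("max depth ({}) exceeded while parsing unary. To expand the depth, use the ``with_max_depth`` constructor or enable the `unlimited_depth` feature", self.max_depth), idx))
+}
 match span.1 {
 TokType::Plus => {
 let value = self.parse_unary()?;
@@ -618,7 +623,7 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
 return Err(self.make_error(format!("Unary operations not allowed for value {:?}", val), span.2))
 }
 }
-
+self.current_depth = self.current_depth - 1;
 Ok(JSONValue::Unary {operator: UnaryOperator::Plus, value: Box::new(value)})
 }
 TokType::Minus => {
@@ -629,6 +634,7 @@ impl<'toks, 'input> JSON5Parser<'toks, 'input> {
 return Err(self.make_error(format!("Unary operations not allowed for value {:?}", val), span.2))
 }
 }
+self.current_depth = self.current_depth - 1;
 Ok(JSONValue::Unary {operator: UnaryOperator::Minus, value: Box::new(value)})
 }
 _ => unreachable!("no")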
