jeans/Tasmota
jeans/Tasmota
1
0
Fork 0
mirror of https://github.com/arendst/Tasmota.git synced 2025-07-22 18:26:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Berry fix rare crash in json parsing (#18395)

Browse Source
This commit is contained in:
s-hadinger 2023-04-11 23:13:02 +02:00 committed by GitHub
parent f33ccac2df
commit 8ea91b7792
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/libesp32/berry/src/be_jsonlib.c
View File

@ -183,6 +183,10 @@ static const char* parser_string(bvm *vm, const char *json)
} }
} }
be_assert(ch == '"'); be_assert(ch == '"');
/* require the stack to have some free space for the string,
since parsing deeply nested objects might
crash the VM due to insufficient stack space. */
be_stack_require(vm, 1 + BE_STACK_FREE_MIN);
be_pushnstring(vm, buf, cast_int(dst - buf)); be_pushnstring(vm, buf, cast_int(dst - buf));
be_free(vm, buf, len); be_free(vm, buf, len);
return json + 1; /* skip '"' */ return json + 1; /* skip '"' */

6
lib/libesp32/berry/tests/json.be
View File

@ -34,6 +34,12 @@ assert_load_failed('{"ke: 1}')
assert_load_failed('{"key": 1x}') assert_load_failed('{"key": 1x}')
assert_load_failed('{"key"}') assert_load_failed('{"key"}')
assert_load_failed('{"key": 1, }') assert_load_failed('{"key": 1, }')
# insanely long, nested object
var text = 'null'
for i : 0 .. 200
text = '{"nested":' + text + ', "num": 1, "bool": true, "str": "abc", "n": null, "arr": [1, 2, 3]}'
end
json.load(text) # do nothing, just check that it doesn't crash
# dump tests # dump tests