Overview
Comment: | Add depth limit for MessagePack |
---|---|
SHA3-256: |
c0d8a3426cce307995c0b17bd6a8c2e9 |
User & Date: | js on 2017-05-13 23:27:40 |
Context
2017-05-14
| ||
00:11 | Small optimization for objc_storeStrong() check-in: 9d12f9759f user: js tags: trunk | |
2017-05-13
| ||
23:27 | Add depth limit for MessagePack check-in: c0d8a3426c user: js tags: trunk | |
22:38 | Reduce retain + autorelease check-in: 504e13cf00 user: js tags: trunk | |
Changes
Modified src/OFDataArray+MessagePackValue.h from [87bd9c3480] to [19398bebc1].
︙ | |||
29 30 31 32 33 34 35 36 37 38 | 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | + + + + + + + + + | @interface OFDataArray (MessagePackValue) /*! * @brief Parses the MessagePack representation and returns it as an object. * * @return The MessagePack representation as an object */ - (id)messagePackValue; /*! * @brief Parses the MessagePack representation and returns it as an object. * * @param depthLimit The maximum depth the parser should accept (defaults to 32 * if not specified, 0 means no limit (insecure!)) * @return The MessagePack representation as an object */ - (id)messagePackValueWithDepthLimit: (size_t)depthLimit; @end OF_ASSUME_NONNULL_END |
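Review bot: The new `@param depthLimit` text makes 0 mean "no limit", so a caller that computes the limit and ends up with 0 silently turns the protection off when parsing untrusted data. The "defaults to 32 if not specified" remark sits on the method where the value is always specified, while the comment on `-messagePackValue` still says nothing about a limit. If that method does apply 32, I would add ` * The nesting depth is limited to 32; see -messagePackValueWithDepthLimit:.` to it. The new comment should also say what a caller observes when the limit is exceeded, i.e. which exception is raised, so code handling untrusted input knows what to catch.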
Modified src/OFDataArray+MessagePackValue.m from [d21c98d61f] to [c085900a12].
︙ | |||
25 26 27 28 29 30 31 | 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | - + + | #import "OFDictionary.h" #import "OFMessagePackExtension.h" #import "OFInvalidFormatException.h" int _OFDataArray_MessagePackValue_reference; |
︙ | |||
50 51 52 53 54 55 56 | 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 | - + + + + + + + - + + - + + + + + + + - + + - + + - + + | return ((uint64_t)buffer[0] << 56) | ((uint64_t)buffer[1] << 48) | ((uint64_t)buffer[2] << 40) | ((uint64_t)buffer[3] << 32) | ((uint64_t)buffer[4] << 24) | ((uint64_t)buffer[5] << 16) | ((uint64_t)buffer[6] << 8) | buffer[7]; } static size_t |
︙ | |||
169 170 171 172 173 174 175 | 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 | - + - + | length: count]; return count + 1; } /* fixarray */ if ((buffer[0] & 0xF0) == 0x90) return parseArray(buffer + 1, length - 1, object, |
︙ | |||
423 424 425 426 427 428 429 | 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 | - + - + | extensionWithType: type data: data]; } @finally { [data release]; } return 4; |
︙ | |||
526 527 528 529 530 531 532 | 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 | - + - + - + - + + + + + + + - + + + + + | return count + 5; /* Arrays */ case 0xDC: /* array 16 */ if (length < 3) goto error; return parseArray(buffer + 3, length - 3, object, |
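Review bot: Nothing among the files shown on this page tests the MessagePack depth limit: the only test change is in tests/OFJSONTests.m, which exercises `JSONValue`. I would add one case that parses a buffer nested exactly at the limit through `messagePackValueWithDepthLimit:` and one nested a level deeper that expects the exception, covering both the fixarray path and the `array 16` path visible here. A case for the documented `0` value would pin the "no limit" behaviour as well. The changed lines of this section are not visible in this rendering, so the parser changes themselves are not reviewed here.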
Modified src/OFString+JSONValue.m from [a9f012805c] to [9ab88e7a0f].
︙ | |||
30 31 32 33 34 35 36 | 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | - + | #import "OFNull.h" #import "OFInvalidJSONException.h" int _OFString_JSONValue_reference; static id nextObject(const char **pointer, const char *stop, size_t *line, |
︙ | |||
386 387 388 389 390 391 392 | 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 | - + - + | * reach stop. */ return nil; } static inline OFMutableArray * parseArray(const char **pointer, const char *stop, size_t *line, |
︙ | |||
416 417 418 419 420 421 422 | 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 | - + | if (*pointer >= stop || **pointer != ']') return nil; break; } |
︙ | |||
443 444 445 446 447 448 449 | 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 | - + - + | (*pointer)++; return array; } static inline OFMutableDictionary * parseDictionary(const char **pointer, const char *stop, size_t *line, |
︙ | |||
482 483 484 485 486 487 488 | 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 | - + - - + | return nil; if ((**pointer >= 'a' && **pointer <= 'z') || (**pointer >= 'A' && **pointer <= 'Z') || **pointer == '_' || **pointer == '$' || **pointer == '\\') key = parseIdentifier(pointer, stop); else |
︙ | |||
571 572 573 574 575 576 577 | 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 | - + - + - + | } return number; } static id nextObject(const char **pointer, const char *stop, size_t *line, |
︙ | |||
650 651 652 653 654 655 656 | 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 | - + | { void *pool = objc_autoreleasePoolPush(); const char *pointer = [self UTF8String]; const char *stop = pointer + [self UTF8StringLength]; id object; size_t line = 1; |
Modified tests/OFJSONTests.m from [0d2731c6ad] to [e1f8244382].
︙ | |||
64 65 66 67 68 69 70 71 72 73 74 | 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 | + + + + + + + + + + + + + + + + + + + + + + + + | [@"{" JSONValue]) EXPECT_EXCEPTION(@"-[JSONValue] #3", OFInvalidJSONException, [@"]" JSONValue]) EXPECT_EXCEPTION(@"-[JSONValue] #4", OFInvalidJSONException, [@"bar" JSONValue]) EXPECT_EXCEPTION(@"-[JSONValue] #5", OFInvalidJSONException, [@"[\"a\" \"b\"]" JSONValue]) TEST(@"-[JSONValue] #6", [[@"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[{}]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]" JSONValue] isEqual: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFArray arrayWithObject: [OFDictionary dictionary]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]) EXPECT_EXCEPTION(@"-[JSONValue] #7", OFInvalidJSONException, [@"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[{}]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]" JSONValue]) [pool drain]; } @end |
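Review bot: Tests #6 and #7 probe the depth boundary only through nested arrays with a single empty dictionary at the innermost level, so depth accounting for nested dictionaries is effectively untested. A matching pair that nests dictionaries, or alternates arrays and dictionaries, to the same two depths would catch a regression where `parseDictionary` stops counting levels. The two bracket literals are also hard to verify by eye. Building the input in a loop from the intended limit would make the boundary explicit and keep the test in step if the limit changes.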