New submission from ivank <b...@ludios.org>:

Decoding a highly-nested object with json (_speedups enabled) can cause a 
segfault due to a stack overflow:

# python -c "import json; json.loads('[' * 100000 + '1' + ']' * 100000)"
zsh: segmentation fault  python -c "import json; json.loads('[' * 100000 + '1' + ']' * 100000)"

# python -c "import json; json.loads('{\"a\":' * 100000 + '1' + '}' * 100000)"
zsh: segmentation fault  python -c "import json; json.loads('{\"a\":' * 100000 + '1' + '}' * 100000)"

simplejson has the same problem:
https://github.com/simplejson/simplejson/pull/11

I've started on a fix (see patch at that URL), but it doesn't support 
customizing max_depth yet.

----------
components: Library (Lib)
messages: 135281
nosy: ivank
priority: normal
severity: normal
status: open
title: Decoding a highly-nested object with json (_speedups enabled) causes segfault
type: security
versions: Python 2.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue12017>
_______________________________________
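
A caller-side guard for the crash reported above, as an added example that is not part of the original report or of the linked simplejson patch: it measures nesting depth with an iterative scan and refuses over-deep input before the recursive decoder runs. The names `max_nesting_depth`, `safe_loads` and `NestingTooDeep`, and the default limit of 64, are assumptions chosen for illustration.

```python
import json


class NestingTooDeep(ValueError):
    """Raised when a JSON text nests arrays/objects beyond the allowed depth."""


def max_nesting_depth(text):
    """Return the deepest array/object nesting found in a JSON text.

    Single iterative pass, so the scan itself cannot exhaust the C stack.
    Brackets inside string literals (including after escapes) are ignored.
    """
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False          # character after a backslash is literal
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth = max(depth - 1, 0)    # clamp: malformed input must not hide depth
    return deepest


def safe_loads(text, max_depth=64):
    """json.loads with a nesting limit enforced before any decoding happens."""
    found = max_nesting_depth(text)
    if found > max_depth:
        raise NestingTooDeep(
            "nesting depth %d exceeds limit %d" % (found, max_depth))
    return json.loads(text)
```
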