On 11/19/2015 08:29 AM, Markus Armbruster wrote: > Ugh, I almost dropped this on the floor. I think it should go into > 2.5, and I plan to take it through my tree. If you disagree, please > speak up.
It sounds like a bug fix to me (avoiding core dumps due to user-triggerable input) and on that ground, qualifies for hard freeze in my books. > > We limit nesting depth and input size to defend against input > triggering excessive heap or stack memory use (commit 29c75dd > json-streamer: limit the maximum recursion depth and maximum token > count). This limiting is flawed in multiple ways. Fix it up some. > > Not yet fixed: this JSON parser is an absurd memory hog; see last > patch. > > v2: > * Trivially rebased, R-bys retained > * PATCH 3: Fix a nearby comment typo [Eric] > * PATCH 4: Simplify make_nest() slightly > * PATCH 5: Commit message tweaked Hmm, when the series is only 4/4, changes to PATCH 5 are suspect :) At any rate, the changes look correct, and minor enough that keeping my R-b was the right thing to do. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
