Eric Blake <ebl...@redhat.com> writes: > On 11/19/2015 08:29 AM, Markus Armbruster wrote: >> Ugh, I almost dropped this on the floor. I think it should go into >> 2.5, and I plan to take it through my tree. If you disagree, please >> speak up. > > It sounds like a bug fix to me (avoiding core dumps due to > user-triggerable input) and on that ground, qualifies for hard freeze in > my books. > >> >> We limit nesting depth and input size to defend against input >> triggering excessive heap or stack memory use (commit 29c75dd >> json-streamer: limit the maximum recursion depth and maximum token >> count). This limiting is flawed in multiple ways. Fix it up some. >> >> Not yet fixed: this JSON parser is an absurd memory hog; see last >> patch. >> >> v2: >> * Trivially rebased, R-bys retained >> * PATCH 3: Fix a nearby comment typo [Eric] >> * PATCH 4: Simplify make_nest() slightly >> * PATCH 5: Commit message tweaked > > Hmm, when the series is only 4/4, changes to PATCH 5 are suspect :)
I can't count. Subtract one from every patch number in the list above. > At any rate, the changes look correct, and minor enough that keeping my > R-b was the right thing to do. Thanks!
