Comments (3)
yhyu13
commented on June 2, 2024
I am not maintainer, but just cameacross. what is the json file that leads to this infinite recursive? Reproducible?
from rapidjson.
adoxalim
commented on June 2, 2024
The issue is reproducible, and while here is official page, it is good to share file and steps here:
- Write or find some rapidjson code that uses parse api (ie: examples/capitalize)
- Build code with llvm sanitizer
clang++-18 -fsanitize = address target.cpp - Open file with compiled program, observe
stack overflow. (cat file.json | ./capitalize) - Repeat same steps with
memory, undefined, leak and threadsanitizers, and you will get similar results.
The source of problem is ability of creating a new [inside another one without any limitation.
I am not pro to exploit it but, some skilled hand may convert it.
It was very easy to find this bug, it means some others could find also.
As now it will be visible to everyone, if it is dangerous, please do not be late to patch it.
The easiest patch can be limiatition the number of [ three's, or better idea.
from rapidjson.
Related Issues (20)
- The performance on ubuntu and centos is much worse than on windows?
- IStreamWrapper does not recognize special characters like € or korean chars HOT 2
- 编译报错 HOT 1
- Double serialization precision is not IEEE 754-compliant
- New release tag version HOT 1
- `qt5-location` fails to build when devel version of `rapidjson` installed (?)
- Visual Studio 2022 (using /std:c++20) new warning HOT 2
- Throw exception in functions which is specified as noexcept
- 在多进程中使用共享内存传输rapidjson时出现数据读取错误的问题
- 源码请教
- Cmake 3.5 deprecation warning HOT 1
- Build fails on macOS due to Include/rapidjson/msinttypes/stdint.h HOT 2
- Writer always prints decimals when a float or double is used
- Error:/rapidjson/document.h:2334:15: error: expected unqualified-id before ‘bool’ HOT 4
- New version for googletest HOT 1
- reuse the json object, only revise some keywords, best formance for generate a json string?
- performace comparison between snprintf and rapidjson wirter? HOT 2
- Deserialization fails on invalid unicode code point
- Invalid static_cast in regex.h
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rapidjson.