[issue12017] Decoding a highly-nested object with json (_speedups enabled) causes segfault
ivank
report at bugs.python.org
Fri May 6 14:25:57 CEST 2011
New submission from ivank <bugs at ludios.org>:
Decoding a highly-nested object with json (_speedups enabled) can cause a segfault due to a stack overflow:
# python -c "import json; json.loads('[' * 100000 + '1' + ']' * 100000)"
zsh: segmentation fault python -c "import json; json.loads('[' * 100000 + '1' + ']' * 100000)"
# python -c "import json; json.loads('{\"a\":' * 100000 + '1' + '}' * 100000)"
zsh: segmentation fault python -c "import json; json.loads('{\"a\":' * 100000 + '1' + '}' * 100000)"
simplejson has the same problem:
https://github.com/simplejson/simplejson/pull/11
I've started on a fix (see patch at that URL), but it doesn't support customizing max_depth yet.
----------
components: Library (Lib)
messages: 135281
nosy: ivank
priority: normal
severity: normal
status: open
title: Decoding a highly-nested object with json (_speedups enabled) causes segfault
type: security
versions: Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12017>
_______________________________________
More information about the Python-bugs-list
mailing list