JSON: add more robust specs for deep nesting check, and fix error mes…

…sage
crystal-lang · Oct 27, 2016 · 36b2fc4 · 36b2fc4
1 parent 680c099
commit 36b2fc4
Showing 4 changed files with 33 additions and 5 deletions.
diff --git a/spec/std/json/parser_spec.cr b/spec/std/json/parser_spec.cr
@@ -62,9 +62,17 @@ describe JSON::Parser do
 
   it_raises_on_parse "1\u{0}"
 
-  # Prevent too deep nesting (prevents stack overflow)
-  it_raises_on_parse(("[" * 513) + ("]" * 513))
-  it_raises_on_parse(("{" * 513) + ("}" * 513))
+  it "prevents stack overflow for arrays" do
+    expect_raises JSON::ParseException, "nesting of 513 is too deep" do
+      JSON.parse(("[" * 513) + ("]" * 513))
+    end
+  end
+
+  it "prevents stack overflow for hashes" do
+    expect_raises JSON::ParseException, "nesting of 513 is too deep" do
+      JSON.parse((%({"x": ) * 513) + ("}" * 513))
+    end
+  end
 
   it "returns raw" do
     value = JSON.parse_raw("1")

diff --git a/spec/std/json/pull_parser_spec.cr b/spec/std/json/pull_parser_spec.cr
@@ -162,6 +162,26 @@ describe JSON::PullParser do
   assert_pull_parse_error %({"name": "John", "age", 1})
   assert_pull_parse_error %({"name": "John", "age": "foo", "bar"})
 
+  it "prevents stack overflow for arrays" do
+    parser = JSON::PullParser.new(("[" * 513) + ("]" * 513))
+    expect_raises JSON::ParseException, "nesting of 513 is too deep" do
+      while true
+        break if parser.kind == :EOF
+        parser.read_next
+      end
+    end
+  end
+
+  it "prevents stack overflow for hashes" do
+    parser = JSON::PullParser.new((%({"x": ) * 513) + ("}" * 513))
+    expect_raises JSON::ParseException, "nesting of 513 is too deep" do
+      while true
+        break if parser.kind == :EOF
+        parser.read_next
+      end
+    end
+  end
+
   # Prevent too deep nesting (prevents stack overflow)
   assert_pull_parse_error(("[" * 513) + ("]" * 513))
   assert_pull_parse_error(("{" * 513) + ("}" * 513))

diff --git a/src/json/parser.cr b/src/json/parser.cr
@@ -128,7 +128,7 @@ class JSON::Parser
   private def nest
     @nest += 1
     if @nest > @max_nesting
-      parse_exception "nesting of #{@max_nesting} is too deep"
+      parse_exception "nesting of #{@nest} is too deep"
     end
 
     yield

diff --git a/src/json/pull_parser.cr b/src/json/pull_parser.cr
@@ -504,7 +504,7 @@ class JSON::PullParser
 
   private def push_in_object_stack(symbol)
     if @object_stack.size >= @max_nesting
-      parse_exception "nesting of #{@max_nesting} is too deep"
+      parse_exception "nesting of #{@object_stack.size + 1} is too deep"
     end
 
     @object_stack.push(symbol)