Project

General

Profile

Actions

Bug #3630

closed

Recursion stack-overflow in parsing YAML configuration

Added by Jason Ish over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 4.1, Needs backport to 5.0

Description

A YAML configuration can be crafted (for example, by a fuzzer) that causes the YAML parser to recurse to a depth where a stack-overflow occurs. This appears to be at about 180. Our default configuration goes to a depth of about 16.

Suggested fix: track the recursion limit and abort at some level, for example 128 should be OK.

Longer term fix if we every have a config that needs more recursion would be to refactor into a loop.


Related issues 2 (0 open2 closed)

Copied to Bug #3652: Recursion stack-overflow in parsing YAML configurationClosedShivani BhardwajActions
Copied to Bug #3653: Recursion stack-overflow in parsing YAML configurationClosedJeff LucovskyActions
Actions #1

Updated by Victor Julien over 2 years ago

  • Status changed from Assigned to Closed
  • Label Needs backport to 4.1, Needs backport to 5.0 added
Actions #2

Updated by Jeff Lucovsky over 2 years ago

  • Copied to Bug #3652: Recursion stack-overflow in parsing YAML configuration added
Actions #3

Updated by Jeff Lucovsky over 2 years ago

  • Copied to Bug #3653: Recursion stack-overflow in parsing YAML configuration added
Actions

Also available in: Atom PDF