*/
#include "qemu/osdep.h"
-#include "qemu-common.h"
-#include "qapi/qmp/json-lexer.h"
-#include "qapi/qmp/json-parser.h"
-#include "qapi/qmp/json-streamer.h"
+#include "qapi/error.h"
+#include "json-parser-int.h"
#define MAX_TOKEN_SIZE (64ULL << 20)
#define MAX_TOKEN_COUNT (2ULL << 20)
-#define MAX_NESTING (1ULL << 10)
-
-static void json_message_free_token(void *token, void *opaque)
-{
- g_free(token);
-}
+#define MAX_NESTING (1 << 10)
static void json_message_free_tokens(JSONMessageParser *parser)
{
- if (parser->tokens) {
- g_queue_foreach(parser->tokens, json_message_free_token, NULL);
- g_queue_free(parser->tokens);
- parser->tokens = NULL;
+ JSONToken *token;
+
+ while ((token = g_queue_pop_head(&parser->tokens))) {
+ g_free(token);
}
}
parser->bracket_count--;
break;
case JSON_ERROR:
+ error_setg(&err, "JSON parse error, stray '%s'", input->str);
+ goto out_emit;
+ case JSON_END_OF_INPUT:
+ if (g_queue_is_empty(&parser->tokens)) {
+ return;
+ }
+ json = json_parser_parse(&parser->tokens, parser->ap, &err);
goto out_emit;
default:
break;
}
- token = g_malloc(sizeof(JSONToken) + input->len + 1);
- token->type = type;
- memcpy(token->str, input->str, input->len);
- token->str[input->len] = 0;
- token->x = x;
- token->y = y;
+ /*
+ * Security consideration, we limit total memory allocated per object
+ * and the maximum recursion depth that a message can force.
+ */
+ if (parser->token_size + input->len + 1 > MAX_TOKEN_SIZE) {
+ error_setg(&err, "JSON token size limit exceeded");
+ goto out_emit;
+ }
+ if (g_queue_get_length(&parser->tokens) + 1 > MAX_TOKEN_COUNT) {
+ error_setg(&err, "JSON token count limit exceeded");
+ goto out_emit;
+ }
+ if (parser->bracket_count + parser->brace_count > MAX_NESTING) {
+ error_setg(&err, "JSON nesting depth limit exceeded");
+ goto out_emit;
+ }
+ token = json_token(type, x, y, input);
parser->token_size += input->len;
- g_queue_push_tail(parser->tokens, token);
+ g_queue_push_tail(&parser->tokens, token);
- if (parser->brace_count < 0 ||
- parser->bracket_count < 0 ||
- (parser->brace_count == 0 &&
- parser->bracket_count == 0)) {
- json = json_parser_parse(parser->tokens, parser->ap, &err);
- parser->tokens = NULL;
- goto out_emit;
- }
-
- if (parser->token_size > MAX_TOKEN_SIZE ||
- g_queue_get_length(parser->tokens) > MAX_TOKEN_COUNT ||
- parser->bracket_count + parser->brace_count > MAX_NESTING) {
- /* Security consideration, we limit total memory allocated per object
- * and the maximum recursion depth that a message can force.
- */
- goto out_emit;
+ if ((parser->brace_count > 0 || parser->bracket_count > 0)
+ && parser->bracket_count >= 0 && parser->bracket_count >= 0) {
+ return;
}
- return;
+ json = json_parser_parse(&parser->tokens, parser->ap, &err);
out_emit:
parser->brace_count = 0;
parser->bracket_count = 0;
json_message_free_tokens(parser);
- parser->tokens = g_queue_new();
parser->token_size = 0;
parser->emit(parser->opaque, json, err);
}
parser->ap = ap;
parser->brace_count = 0;
parser->bracket_count = 0;
- parser->tokens = g_queue_new();
+ g_queue_init(&parser->tokens);
parser->token_size = 0;
json_lexer_init(&parser->lexer, !!ap);
void json_message_parser_flush(JSONMessageParser *parser)
{
json_lexer_flush(&parser->lexer);
+ assert(g_queue_is_empty(&parser->tokens));
}
void json_message_parser_destroy(JSONMessageParser *parser)
projects / qemu.git / blobdiff