You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by al...@apache.org on 2018/09/18 19:41:49 UTC
[mesos] branch master updated (d468487 -> bc90afc)
This is an automated email from the ASF dual-hosted git repository.
alexr pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git.
from d468487 Added defer to dispatch lambdas onto PID.
new e4e6dde Added patch for PicoJSON.
new bc90afc Added new member function to stout PicoJSON context.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
3rdparty/CMakeLists.txt | 3 +
3rdparty/picojson-1.3.0.patch | 206 ++++++++++++++++++++++++++++++++++
3rdparty/stout/include/stout/json.hpp | 35 +++++-
3rdparty/stout/tests/json_tests.cpp | 21 ++++
4 files changed, 260 insertions(+), 5 deletions(-)
create mode 100644 3rdparty/picojson-1.3.0.patch
[mesos] 01/02: Added patch for PicoJSON.
Posted by al...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
alexr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit e4e6dded74eee02cc26463fc3b773385d07d6fbe
Author: Benno Evers <be...@mesosphere.com>
AuthorDate: Tue Sep 18 21:34:26 2018 +0200
Added patch for PicoJSON.
This commit adds a backport of an upstream patch
provided by kazuho that introduces a maximum nesting
level for JSON objects.
Review: https://reviews.apache.org/r/68718/
---
3rdparty/CMakeLists.txt | 3 +
3rdparty/picojson-1.3.0.patch | 206 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 209 insertions(+)
diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt
index 1a4ed5a..05cbb03 100644
--- a/3rdparty/CMakeLists.txt
+++ b/3rdparty/CMakeLists.txt
@@ -424,9 +424,12 @@ target_compile_definitions(
picojson INTERFACE
__STDC_FORMAT_MACROS)
+PATCH_CMD(PICOJSON_PATCH_CMD picojson-${PICOJSON_VERSION}.patch)
+
ExternalProject_Add(
${PICOJSON_TARGET}
PREFIX ${PICOJSON_CMAKE_ROOT}
+ PATCH_COMMAND ${PICOJSON_PATCH_CMD}
CONFIGURE_COMMAND ${CMAKE_NOOP}
BUILD_COMMAND ${CMAKE_NOOP}
INSTALL_COMMAND ${CMAKE_NOOP}
diff --git a/3rdparty/picojson-1.3.0.patch b/3rdparty/picojson-1.3.0.patch
new file mode 100644
index 0000000..5d1716a
--- /dev/null
+++ b/3rdparty/picojson-1.3.0.patch
@@ -0,0 +1,206 @@
+From af08e41dd05b3ba279bed1f9794ca0fa101e3272 Mon Sep 17 00:00:00 2001
+From: Benno Evers <be...@mesosphere.com>
+Date: Fri, 14 Sep 2018 15:33:56 +0200
+Subject: [PATCH] Backport depth check to v1.3.0
+
+This is a backport of a similar, unpublished upstream commit
+originally authored by kazuho. Minor modifications had to be made
+to account for changed formatting and to fix up some counter
+modifications that were moved to the wrong lines; as well as
+two additional test cases.
+
+---
+ picojson.h | 56 +++++++++++++++++++++++++++++++++++++++++++-----------
+ test.cc | 42 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 87 insertions(+), 11 deletions(-)
+
+diff --git a/picojson.h b/picojson.h
+index 48bb64e..23485a6 100644
+--- a/picojson.h
++++ b/picojson.h
+@@ -101,7 +101,7 @@ namespace picojson {
+ };
+
+ enum {
+- INDENT_WIDTH = 2
++ INDENT_WIDTH = 2, DEFAULT_MAX_DEPTHS = 100
+ };
+
+ struct null {};
+@@ -705,7 +705,7 @@ namespace picojson {
+ return false;
+ }
+ if (in.expect('}')) {
+- return true;
++ return ctx.parse_object_stop();
+ }
+ do {
+ std::string key;
+@@ -718,7 +718,7 @@ namespace picojson {
+ return false;
+ }
+ } while (in.expect(','));
+- return in.expect('}');
++ return in.expect('}') && ctx.parse_object_stop();
+ }
+
+ template <typename Iter> inline std::string _parse_number(input<Iter>& in) {
+@@ -820,8 +820,9 @@ namespace picojson {
+ class default_parse_context {
+ protected:
+ value* out_;
++ size_t depths_;
+ public:
+- default_parse_context(value* out) : out_(out) {}
++ default_parse_context(value* out, size_t depths = DEFAULT_MAX_DEPTHS) : out_(out), depths_(depths) {}
+ bool set_null() {
+ *out_ = value();
+ return true;
+@@ -845,37 +846,53 @@ namespace picojson {
+ return _parse_string(out_->get<std::string>(), in);
+ }
+ bool parse_array_start() {
++ if (depths_ == 0)
++ return false;
++ --depths_;
+ *out_ = value(array_type, false);
+ return true;
+ }
+ template <typename Iter> bool parse_array_item(input<Iter>& in, size_t) {
+ array& a = out_->get<array>();
+ a.push_back(value());
+- default_parse_context ctx(&a.back());
++ default_parse_context ctx(&a.back(), depths_);
+ return _parse(ctx, in);
+ }
+- bool parse_array_stop(size_t) { return true; }
++ bool parse_array_stop(size_t) {
++ ++depths_;
++ return true;
++ }
+ bool parse_object_start() {
++ if (depths_ == 0)
++ return false;
++ --depths_;
+ *out_ = value(object_type, false);
+ return true;
+ }
+ template <typename Iter> bool parse_object_item(input<Iter>& in, const std::string& key) {
+ object& o = out_->get<object>();
+- default_parse_context ctx(&o[key]);
++ default_parse_context ctx(&o[key], depths_);
+ return _parse(ctx, in);
+ }
++ bool parse_object_stop() {
++ ++depths_;
++ return true;
++ }
+ private:
+ default_parse_context(const default_parse_context&);
+ default_parse_context& operator=(const default_parse_context&);
+ };
+
+ class null_parse_context {
++ protected:
++ size_t depths_;
++
+ public:
+ struct dummy_str {
+ void push_back(int) {}
+ };
+ public:
+- null_parse_context() {}
++ null_parse_context(size_t depths = DEFAULT_MAX_DEPTHS) : depths_(depths) {}
+ bool set_null() { return true; }
+ bool set_bool(bool) { return true; }
+ #ifdef PICOJSON_USE_INT64
+@@ -886,15 +903,32 @@ namespace picojson {
+ dummy_str s;
+ return _parse_string(s, in);
+ }
+- bool parse_array_start() { return true; }
++ bool parse_array_start() {
++ if (depths_ == 0)
++ return false;
++ --depths_;
++ return true;
++ }
+ template <typename Iter> bool parse_array_item(input<Iter>& in, size_t) {
+ return _parse(*this, in);
+ }
+- bool parse_array_stop(size_t) { return true; }
+- bool parse_object_start() { return true; }
++ bool parse_array_stop(size_t) {
++ ++depths_;
++ return true;
++ }
++ bool parse_object_start() {
++ if (depths_ == 0)
++ return false;
++ --depths_;
++ return true;
++ }
+ template <typename Iter> bool parse_object_item(input<Iter>& in, const std::string&) {
+ return _parse(*this, in);
+ }
++ bool parse_object_stop() {
++ ++depths_;
++ return true;
++ }
+ private:
+ null_parse_context(const null_parse_context&);
+ null_parse_context& operator=(const null_parse_context&);
+diff --git a/test.cc b/test.cc
+index ed9656d..b04ed59 100644
+--- a/test.cc
++++ b/test.cc
+@@ -308,5 +308,47 @@ int main(void)
+ is(v.get<picojson::array>()[1].get<std::string>(), "abc", "simple API value #1");
+ }
+
++ {
++ std::string s = "[{\"a\":123}]", err;
++ picojson::value v;
++ picojson::default_parse_context ctx(&v, 2);
++ std::string::const_iterator end = picojson::_parse(ctx, s.begin(), s.end(), &err);
++ _ok(err.empty(), "should succeed");
++ _ok(end == s.end(), "should have consumed all input");
++ _ok(v.get(0).get("a").get<double>() == 123, "should return correct value");
++ }
++
++ {
++ std::string s = "[{\"a\":123}]", err;
++ picojson::value v;
++ picojson::default_parse_context ctx(&v, 1);
++ std::string::const_iterator end = picojson::_parse(ctx, s.begin(), s.end(), &err);
++ _ok(!err.empty(), "should fail");
++ _ok(v.is<picojson::array>(), "should get an array");
++ _ok(v.get(0).is<picojson::null>(), "that contains null");
++ }
++
++ {
++ std::string s = "{\"a\": {\"b\": {\"c\": 123}}}", err;
++ picojson::value v;
++ picojson::default_parse_context ctx(&v, 1);
++ std::string::const_iterator end = picojson::_parse(ctx, s.begin(), s.end(), &err);
++ _ok(!err.empty(), "should fail due to nesting depth");
++ }
++
++ {
++ std::string s = "[{\"a\":123}]", err;
++ picojson::null_parse_context ctx(1);
++ std::string::const_iterator end = picojson::_parse(ctx, s.begin(), s.end(), &err);
++ _ok(!err.empty(), "should fail");
++ }
++
++ {
++ std::string s = "[{\"a\":123, \"b\":45, \"c\":67}, {\"b\": [456]}]", err;
++ picojson::null_parse_context ctx(2);
++ std::string::const_iterator end = picojson::_parse(ctx, s.begin(), s.end(), &err);
++ _ok(!err.empty(), "should fail due to nesting depth");
++ }
++
+ return done_testing();
+ }
+--
+2.17.1
[mesos] 02/02: Added new member function to stout PicoJSON context.
Posted by al...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
alexr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit bc90afc2a0bf9603a1fc9f1012f85a3f1cdcb518
Author: Benno Evers <be...@mesosphere.com>
AuthorDate: Tue Sep 18 21:34:33 2018 +0200
Added new member function to stout PicoJSON context.
This commit adds the new `parse_object_stop()` callback,
which was added in the previous patch, to stout's internal
PicoJSON context.
Review: https://reviews.apache.org/r/68720/
---
3rdparty/stout/include/stout/json.hpp | 35 ++++++++++++++++++++++++++++++-----
3rdparty/stout/tests/json_tests.cpp | 21 +++++++++++++++++++++
2 files changed, 51 insertions(+), 5 deletions(-)
diff --git a/3rdparty/stout/include/stout/json.hpp b/3rdparty/stout/include/stout/json.hpp
index 62a8139..17bd02e 100644
--- a/3rdparty/stout/include/stout/json.hpp
+++ b/3rdparty/stout/include/stout/json.hpp
@@ -889,13 +889,18 @@ inline std::ostream& operator<<(std::ostream& stream, const Null& null)
namespace internal {
+// "Depth" is counted downwards to stay closer to the analogous
+// implementation in PicoJSON.
+constexpr size_t STOUT_JSON_MAX_DEPTH = 200;
+
// Our implementation of picojson's parsing context that allows
// us to parse directly into our JSON::Value.
//
// https://github.com/kazuho/picojson/blob/v1.3.0/picojson.h#L820-L870
class ParseContext {
public:
- ParseContext(Value* _value) : value(_value) {}
+ ParseContext(Value* _value, size_t _depth = STOUT_JSON_MAX_DEPTH)
+ : value(_value), depth(_depth) {}
ParseContext(const ParseContext&) = delete;
ParseContext &operator=(const ParseContext&) = delete;
@@ -920,19 +925,33 @@ public:
return picojson::_parse_string(value->as<String>().value, in);
}
- bool parse_array_start() { *value = Array(); return true; }
+ bool parse_array_start() {
+ if (depth <= 0) {
+ return false;
+ }
+ --depth;
+ *value = Array();
+ return true;
+ }
template <typename Iter>
bool parse_array_item(picojson::input<Iter>& in, size_t) {
Array& array = value->as<Array>();
array.values.push_back(Value());
- ParseContext context(&array.values.back());
+ ParseContext context(&array.values.back(), depth);
return picojson::_parse(context, in);
}
- bool parse_array_stop(size_t) { return true; }
+ bool parse_array_stop(size_t) {
+ ++depth;
+ return true;
+ }
bool parse_object_start() {
+ if (depth <= 0) {
+ return false;
+ }
+ --depth;
*value = Object();
return true;
}
@@ -940,11 +959,17 @@ public:
template <typename Iter>
bool parse_object_item(picojson::input<Iter>& in, const std::string& key) {
Object& object = value->as<Object>();
- ParseContext context(&object.values[key]);
+ ParseContext context(&object.values[key], depth);
return picojson::_parse(context, in);
}
+ bool parse_object_stop() {
+ ++depth;
+ return true;
+ }
+
Value* value;
+ size_t depth;
};
} // namespace internal {
diff --git a/3rdparty/stout/tests/json_tests.cpp b/3rdparty/stout/tests/json_tests.cpp
index ee44edf..7a33579 100644
--- a/3rdparty/stout/tests/json_tests.cpp
+++ b/3rdparty/stout/tests/json_tests.cpp
@@ -795,3 +795,24 @@ TEST(JsonTest, ContainsObject)
"}");
EXPECT_FALSE(nested.contains(nestedTest.get()));
}
+
+
+TEST(JsonTest, NestingDepth)
+{
+ const size_t depth = 500000;
+
+ string deeplyNested;
+
+ for (size_t i = 0; i < depth; ++i) {
+ deeplyNested += "[";
+ }
+
+ deeplyNested += "42";
+
+ for (size_t i = 0; i < depth; ++i) {
+ deeplyNested += "]";
+ }
+
+ Try<JSON::Value> parsed = JSON::parse(deeplyNested);
+ ASSERT_ERROR(parsed); // Maximum depth exceeded.
+}