Skip to content

recursive from_msgpack implementation will stack overflow #537

Closed
Closed
recursive from_msgpack implementation will stack overflow#537
Labels
aspect: binary formatsBSON, CBOR, MessagePack, UBJSONconfirmedkind: bugsolution: duplicatethe issue is a duplicate; refer to the linked issue instead
@xgzeng

Description

@xgzeng
xgzeng
opened on Mar 28, 2017

from_msgpack function(etc) parses data recursively, which will cause stack overflow when process deep nested structure.
It will be DOS vulnerabilities, if we use library to process data from outside.

Following is example code to generate malicious data. msgpack_pack_array is not shown here.

for (int i = 0; i < 10000; ++i) {
    msgpack_pack_array(buffer, 1);
}
msgpack_pack_array(buffer, 0);

Metadata

Metadata

Assignees

No one assigned

    Labels

    aspect: binary formatsBSON, CBOR, MessagePack, UBJSONconfirmedkind: bugsolution: duplicatethe issue is a duplicate; refer to the linked issue instead

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions