-
-
Notifications
You must be signed in to change notification settings - Fork 6.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
on MSVC dump() will hard crash for larger json #1693
Comments
Ok it turns out this issue is most likely invalid. We only get this issue if the depth of the json is in the range of 1024 levels or more. This is most likely a hard-coded limit somewhere in the library? Interestingly, the number of items is not the problem, so 1024 arrays inside each other will trigger the issue. |
It could be due to a stack overflow during dump. Have you tried increasing the stack size to see if it has any effect. Here is an example of how it could be done by compiler/linker flags: https://github.com/nlohmann/json/blob/develop/appveyor.yml#L81 |
Indeed the dump function is recursive, so a limited stack size can be a problem there. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I will close the issue as a know limitation of recursion depth that can most likely be worked around in compiler settings (though I have not tried). |
Let's assume your program accepts JSON from untrusted sources. Meaning you have an basically arbitrary recursion depth. No matter which compiler settings you choose, at some point your stack will be too small. I would like to see a compile time constant to limit the recursion depth of parse/dump and gracefully reject json documents not matching that. The default can be unlimited, while still allowing to have a stable program. |
This includes the following fixes: nlohmann/json#1436 > For a deeply-nested JSON object, the recursive implementation of json_value::destroy function causes stack overflow. nlohmann/json#1708 nlohmann/json#1722 Stack size nlohmann/json#1693 (comment) Integer Overflow nlohmann/json#1447 UTF8, json dump out of bounds nlohmann/json#1445 Possibly influences #7532
This includes the following fixes: nlohmann/json#1436 > For a deeply-nested JSON object, the recursive implementation of json_value::destroy function causes stack overflow. nlohmann/json#1708 nlohmann/json#1722 Stack size nlohmann/json#1693 (comment) Integer Overflow nlohmann/json#1447 UTF8, json dump out of bounds nlohmann/json#1445 Possibly influences #7532
This includes the following fixes: nlohmann/json#1436 > For a deeply-nested JSON object, the recursive implementation of json_value::destroy function causes stack overflow. nlohmann/json#1708 nlohmann/json#1722 Stack size nlohmann/json#1693 (comment) Integer Overflow nlohmann/json#1447 UTF8, json dump out of bounds nlohmann/json#1445 Possibly influences #7532
I'm using json in a cross platform application to serialize a tree. On all platforms except MSVC I can create a large tree and serialize it with
dump(4)
. However on Windows x64 MSVC Visual Studio 2017.9 when callingdump()
I get exceptiondump()
What is the expected behavior?
The serialized json should be returned as a std::string of ~24MB size. And the program should not hard crash. SEH exceptions can not easily be handled by the application.
And what is the actual behavior instead?
Which compiler and operating system are you using? Is it a supported compiler?
Windows x64 MSVC Visual Studio 2017.9 (current latest with all updates)
Did you use a released version of the library or the version from the
develop
branch?Release version 3.6.1
The text was updated successfully, but these errors were encountered: