Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(kscrash): prevent stack overflow escaping strings to JSON #739

Merged
merged 3 commits into from
Jul 3, 2020

Conversation

tomlongridge
Copy link
Contributor

Goal

In load testing concurrent notify calls, it was found that an occasional stack overflow is possible if a string being converted to JSON contains a significant number of control characters.

The codec escapes control characters by adding "\u" followed by the hex value of the character. However this means that up to 6 characters can be added for each control character. Because a fixed-size buffer is used to work on, this can cause a stack overflow if it contains enough characters.

Design

To account for whitespace replacements (e.g. tabs to "\t") we were previously only allowing the string to be half the size of the buffer. I believe this pre-dated the inclusion of the "\uXXXX" logic and wasn't updated at the time. However to only allow 1/6 of the buffer seems too small, so I've removed this bit of logic from bsg_ksjsoncodec_i_addEscapedString and added an extra call to addJSONData inside bsg_ksjsoncodec_i_appendEscapedString so we add the existing string and reset the buffer if it's possible to exceed it on the next character.

Tests

Added some unit tests to ensure the logic works for longer strings.

@tomlongridge tomlongridge force-pushed the tom/fix-escaping-long-json-strings branch from 807980d to 9fe09b5 Compare July 3, 2020 14:21
@fractalwrench fractalwrench self-requested a review July 3, 2020 15:29
@tomlongridge tomlongridge merged commit bca55c1 into next Jul 3, 2020
@tomlongridge tomlongridge deleted the tom/fix-escaping-long-json-strings branch July 3, 2020 16:58
@tomlongridge tomlongridge mentioned this pull request Jul 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants