v2.2.4
liggitt
tagged this
02 Oct 18:33
This addresses the following items: ==== Parse time of excessively deep nested or indented documents Parsing these documents is non-linear; limiting stack depth to 10,000 keeps parse times of pathological documents sub-second (~.25 seconds in benchmarks) ==== Alias node expansion limits The current limit allows 10,000% expansion, which is too permissive for large documents. Limiting to 10% expansion for larger documents allows callers to use input size as an effective way to limit resource usage. Continuing to allow larger expansion rates (up to the current 10,000% limit) for smaller documents does not unduly affect memory use. This change bounds decode operations from alias expansion to ~400,000 operations for small documents (worst-case ~100-150MB) or 10% of the input document for large documents, whichever is greater.