stackLimit

Author: cdunn2001

include/json/reader.h

@@ -310,6 +310,9 @@ class JSON_API CharReaderBuilder : public CharReader::Factory {
       - true if dropped null placeholders are allowed. (See StreamWriterBuilder.)
     - "allowNumericKeys": false or true
       - true if numeric object keys are allowed.
+    - "stackLimit": integer
+      - This is a security issue (seg-faults caused by deeply nested JSON),
+        so the default is low.
 
     You can examine 'settings_` yourself
     to see the defaults. You can also write and read them just like any

src/lib_json/json_reader.cpp

@@ -1865,6 +1865,7 @@ static void getValidReaderKeys(std::set<std::string>* valid_keys)
   valid_keys->insert("strictRoot");
   valid_keys->insert("allowDroppedNullPlaceholders");
   valid_keys->insert("allowNumericKeys");
+  valid_keys->insert("stackLimit");
 }
 bool CharReaderBuilder::validate(Json::Value* invalid) const
 {
@@ -1903,6 +1904,7 @@ void CharReaderBuilder::setDefaults(Json::Value* settings)
   (*settings)["strictRoot"] = false;
   (*settings)["allowDroppedNullPlaceholders"] = false;
   (*settings)["allowNumericKeys"] = false;
+  (*settings)["stackLimit"] = 1000;
 //! [CharReaderBuilderDefaults]
 }