Issue #881: don't allow json_tokener_new_ex() with a depth < 1

2026-03-13 18:19:06 +08:00 · 2024-11-17 22:11:24 -05:00
parent 565f181f65
commit ff8ed0f094
2 changed files with 4 additions and 0 deletions
--- a/json_tokener.c
+++ b/json_tokener.c
@@ -154,6 +154,9 @@ struct json_tokener *json_tokener_new_ex(int depth)
 {
 	struct json_tokener *tok;

+	if (depth < 1)
+		return NULL;
+
 	tok = (struct json_tokener *)calloc(1, sizeof(struct json_tokener));
 	if (!tok)
 		return NULL;
--- a/json_tokener.h
+++ b/json_tokener.h
@@ -206,6 +206,7 @@ JSON_EXPORT struct json_tokener *json_tokener_new(void);

 /**
 * Allocate a new json_tokener with a custom max nesting depth.
+ * The depth must be at least 1.
 * @see JSON_TOKENER_DEFAULT_DEPTH
 */
 JSON_EXPORT struct json_tokener *json_tokener_new_ex(int depth);