Skip to content

QA - json_decode - max depth allowed #9359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

QA - json_decode - max depth allowed #9359

wants to merge 1 commit into from

Conversation

juan-morales
Copy link
Contributor

No description provided.

@juan-morales
Copy link
Contributor Author

@cmb69 , while working on my RFC (#9355) , I found out this.

Can you check the azure pipeline also? Is this a bug?

@juan-morales juan-morales marked this pull request as ready for review August 17, 2022 19:49
@cmb69
Copy link
Member

cmb69 commented Aug 18, 2022
edited
Loading

That is mostly expected behavior. $depth must be smaller than or equal to 2**31-1; otherwise a ValueError is thrown, and the function is not executed at all. On 32bit systems, PHP_INT_MAX is equal to 2**31-1, so no error is thrown, and the function succeeds.

Testing this ValueError makes sense, but we should skip that test on 32bit systems.

Anyhow, the error message is off by one (should be "less than or equal to"), and there is no need for this check on 32bit systems at all; zend_range_check.h has some macros which support such range checks; in this case ZEND_LONG_INT_OVFL(depth) could be used.

And we need to document the range limit (0 < depth <= INT_MAX) in the manual.

PS: docs fixed

cmb69 added a commit to php/doc-en that referenced this pull request Aug 18, 2022
@cmb69
Document allowed range for json_decode()'s $depth parameter
2071714 
Cf. <php/php-src#9359 (comment)>.
mumumu added a commit to php/doc-ja that referenced this pull request Aug 18, 2022
@mumumu
Document allowed range for json_decode()'s $depth parameter
f5cc500 
Cf. <php/php-src#9359 (comment)>.

php/doc-en@2071714
@juan-morales
Copy link
Contributor Author

Should we close this PR? Should I fix something in the core? (like depth >= INT_MAX) ?

@cmb69
Copy link
Member

cmb69 commented Aug 19, 2022

I think this PR is good (unless that code path is already tested), but the test needs to be skipped on 32bit architectures.

If you like, you can provide a PR regarding the implementation of the function.

@juan-morales juan-morales mentioned this pull request Aug 19, 2022
Closed
@juan-morales
Copy link
Contributor Author

lets see how can I improve all this.

@juan-morales
Copy link
Contributor Author

Just found this:

ext/json/tests/bug72787.phpt

Luckly, there is already a test for that in json_decode() and I will use the same SKIP Rule in my test for is_json() RFC

tiffany-taylor pushed a commit to tiffany-taylor/doc-en that referenced this pull request Jan 16, 2023
@cmb69 @tiffany-taylor
Document allowed range for json_decode()'s $depth parameter
f484b3c 
Cf. <php/php-src#9359 (comment)>.
claudepache pushed a commit to claudepache/php-doc-en that referenced this pull request Jun 1, 2023
@cmb69 @claudepache
Document allowed range for json_decode()'s $depth parameter
3da39f1 
Cf. <php/php-src#9359 (comment)>.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Extension: json
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@juan-morales @cmb69