Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

Enforce JsonSerializerOptions.MaxDepth on write#38706

Merged
steveharter merged 2 commits intodotnet:masterfrom
steveharter:NoSOE
Jun 20, 2019
Merged

Enforce JsonSerializerOptions.MaxDepth on write#38706
steveharter merged 2 commits intodotnet:masterfrom
steveharter:NoSOE

Conversation

@steveharter
Copy link
Contributor

@steveharter steveharter commented Jun 19, 2019

Fixes https://github.com/dotnet/corefx/issues/36510

It appears the Utf8JsonWriter now has an upper limit of 1,000 so we would never get a StackOverflowException.

@steveharter steveharter self-assigned this Jun 19, 2019
ahsonkhan
ahsonkhan reviewed Jun 20, 2019
View reviewed changes
src/System.Text.Json/tests/Serialization/CyclicTests.cs

{
var options = new JsonSerializerOptions();
options.MaxDepth = depth + 1;
Copy link

@ahsonkhan ahsonkhan Jun 20, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if a user sets this to 900-1000 or even larger?

Copy link
Contributor Author

@steveharter steveharter Jun 20, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If larger, the 1,000 limit on the writer will kick in.

Copy link

@ahsonkhan ahsonkhan Jun 21, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm... So, we can't serialize any objects > 64 depth, even though we can write JSON with depth > 64? Seems like the limitation is too strict here.

ahsonkhan
ahsonkhan reviewed Jun 20, 2019
View reviewed changes
@steveharter steveharter merged commit 10a0741 into dotnet:master Jun 20, 2019
@steveharter steveharter deleted the NoSOE branch June 20, 2019 14:41
@karelz karelz added this to the 3.0 milestone Jul 16, 2019
picenka21 pushed a commit to picenka21/runtime that referenced this pull request Feb 18, 2022
@steveharter
Enforce JsonSerializerOptions.MaxDepth on write (dotnet/corefx#38706)
a730738 
Commit migrated from dotnet/corefx@10a0741
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@JeremyKuhne JeremyKuhne Awaiting requested review from JeremyKuhne

1 more reviewer

@ahsonkhan ahsonkhan ahsonkhan left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@steveharter steveharter

Labels

area-System.Text.Json

Projects

None yet

Milestone

3.0

Development

Successfully merging this pull request may close these issues.

Avoid StackOverflowException when there are graph cycles in serialization

3 participants

@steveharter @ahsonkhan @karelz