Avoid recursion in the document loader. (#127) #1
Conversation
The document loading API (yaml_parser_load) was susseptable to a stack overflow issue when given input data which opened many mappings and/or sequences without closing them. This was due to the use of recurion in the implementation. With this change, we avoid recursion, and maintain our own loader context stack on the heap. The loader context contains a stack of document node indexes. Each time a sequence or mapping start event is encountered, the node index corrasponding to the event is pushed to the stack. Each time a sequence or mapping end event is encountered, the corrasponding node's index is popped from the stack. The yaml_parser_load_nodes() function sits on the event stream, issuing events to the appropriate handlers by type. When an event handler function constructs a node, it needs to connect the new node to its parent (unless it's the root node). This is where the loader context stack is used to find the parent node. The way that the new node is added to the tree depends on whether the parent node is a mapping (with a yaml_node_pair_t to fill), or a sequence (with a yaml_node_item_t). Fixes: yaml#107
|
A small wish: use Tarantool does not use the load-all-at-once Anyway, I don't mind the backport of the fix as the extra protection measure: it is good to don't have a code that may lead to the stack overflow even if it is not used at the moment. This fix seems to work, I run the loader this way: $ cmake .
$ make
$ yes '{' | head -n 102400 | tr -d '\n' > x.yaml
$ ./run-loader x.yaml
[1] Loading 'x.yaml': FAILURE (0 documents)Before the fix: $ ./run-loader x.yaml
[1] Loading 'x.yaml': Segmentation faultHowever on large input it cycles or works very slow. I reported it in yaml#251. |
NOTE:
The document loading API (yaml_parser_load) was susseptable to a
stack overflow issue when given input data which opened many
mappings and/or sequences without closing them.
This was due to the use of recurion in the implementation.
With this change, we avoid recursion, and maintain our own loader
context stack on the heap.
The loader context contains a stack of document node indexes.
Each time a sequence or mapping start event is encountered,
the node index corrasponding to the event is pushed to the
stack. Each time a sequence or mapping end event is encountered,
the corrasponding node's index is popped from the stack.
The yaml_parser_load_nodes() function sits on the event stream,
issuing events to the appropriate handlers by type.
When an event handler function constructs a node, it needs to
connect the new node to its parent (unless it's the root node).
This is where the loader context stack is used to find the
parent node. The way that the new node is added to the tree
depends on whether the parent node is a mapping (with a
yaml_node_pair_t to fill), or a sequence (with a yaml_node_item_t).
Fixes: yaml#107