diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-10-04 08:45:34 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-04 08:45:34 -0700 |
| commit | c03b1b95a3e1333696053fbd8701721d6b206f56 (patch) | |
| tree | 6f3a37c57c5c6dc98755832ffa0f8dd4b9020d0d /vendor/gopkg.in/yaml.v2/scannerc.go | |
| parent | 70d5b0a6fbb86174e113d8a8a3b4b40eb7b7a297 (diff) | |
| parent | f418fc70e7fe6e55c95d2130e52dee7f360eeff4 (diff) | |
| download | podman-c03b1b95a3e1333696053fbd8701721d6b206f56.tar.gz podman-c03b1b95a3e1333696053fbd8701721d6b206f56.tar.bz2 podman-c03b1b95a3e1333696053fbd8701721d6b206f56.zip | |
Merge pull request #4194 from containers/dependabot/go_modules/gopkg.in/yaml.v2-2.2.4
Bump gopkg.in/yaml.v2 from 2.2.3 to 2.2.4
Diffstat (limited to 'vendor/gopkg.in/yaml.v2/scannerc.go')
| -rw-r--r-- | vendor/gopkg.in/yaml.v2/scannerc.go | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/vendor/gopkg.in/yaml.v2/scannerc.go b/vendor/gopkg.in/yaml.v2/scannerc.go index 077fd1dd2..570b8ecd1 100644 --- a/vendor/gopkg.in/yaml.v2/scannerc.go +++ b/vendor/gopkg.in/yaml.v2/scannerc.go @@ -906,6 +906,9 @@ func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool { return true } +// max_flow_level limits the flow_level +const max_flow_level = 10000 + // Increase the flow level and resize the simple key list if needed. func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool { // Reset the simple key on the next level. @@ -913,6 +916,11 @@ func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool { // Increase the flow level. parser.flow_level++ + if parser.flow_level > max_flow_level { + return yaml_parser_set_scanner_error(parser, + "while increasing flow level", parser.simple_keys[len(parser.simple_keys)-1].mark, + fmt.Sprintf("exceeded max depth of %d", max_flow_level)) + } return true } @@ -925,6 +933,9 @@ func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool { return true } +// max_indents limits the indents stack size +const max_indents = 10000 + // Push the current indentation level to the stack and set the new level // the current column is greater than the indentation level. In this case, // append or insert the specified token into the token queue. @@ -939,6 +950,11 @@ func yaml_parser_roll_indent(parser *yaml_parser_t, column, number int, typ yaml // indentation level. parser.indents = append(parser.indents, parser.indent) parser.indent = column + if len(parser.indents) > max_indents { + return yaml_parser_set_scanner_error(parser, + "while increasing indent level", parser.simple_keys[len(parser.simple_keys)-1].mark, + fmt.Sprintf("exceeded max depth of %d", max_indents)) + } // Create a token and insert it into the queue. token := yaml_token_t{ |