RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message

You are viewing a single comment's thread from:

Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message

in utopian-io •  6 years ago 

Thinking about this a little more, I was worried you might have been right about nested JSON objects, and that deeply-nested JSON objects in the JSON-RPC API could still cause the thread to die because of stack overflow.

The parser does have a check that you can't nest JSON objects or arrays more than 100 deep: https://github.com/steemit/steem/blob/9e83f66c85a2c76bef1a07cef7dd302d2c4be572/libraries/fc/src/io/json.cpp#L442

But I'm not sure it's effective, I can think of one way it might be fooled.

utopian-io
6 years ago by

Downvoting a post can decrease pending rewards and make it less visible. Common reasons:

  • Disagreement on rewards
  • Fraud or plagiarism
  • Hate speech or trolling
  • Miscategorized content or spam

Submit
$0.02
  • Past Payouts $0.02
  • - Author $0.02
  • - Curators $0.01
1 vote
0
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!