From 7338454322fd1d5ddd73ee74dc551cd609e84b5a Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Sun, 21 Jan 2018 16:30:00 +0100
Subject: [PATCH] Remove recursion check when importing a file

Fixes https://dev.yorhel.nl/ncdu/bug/103

I don't think a stack overflow as a result of recursion is exploitable
on a modern system. It should just result in an unfortunate write to a
page that is not writable, followed by a crash.
---
 src/dir_import.c | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)

diff --git a/src/dir_import.c b/src/dir_import.c
index 68c39fe..f5c307b 100644
--- a/src/dir_import.c
+++ b/src/dir_import.c
@@ -54,12 +54,6 @@
  * improves performance. */
 #define READ_BUF_SIZE (32*1024)
 
-/* Maximum nesting level for JSON objects / arrays.  (Well, approximately. In
- * some cases an object/array can be nested inside an other object/array while
- * only counting as a single level rather than two.  Anyway, the point of this
- * limit is to prevent stack overflow, which it should do.) */
-#define MAX_LEVEL 100
-
 
 int dir_import_active = 0;
 
@@ -72,7 +66,6 @@ struct ctx {
   int byte;
   int eof;
   int items;
-  int level;
   char *buf; /* points into readbuf, always zero-terminated. */
   char *lastfill; /* points into readbuf, location of the zero terminator. */
 
@@ -327,9 +320,6 @@ static int rkey(char *dest, int destlen) {
 
 /* (Recursively) parse and consume any JSON value. The result is discarded. */
 static int rval() {
-  ctx->level++;
-  E(ctx->level > MAX_LEVEL, "Recursion depth exceeded");
-
   C(rfill1);
   switch(*ctx->buf) {
   case 't': /* true */
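Review bot: With the depth counter gone, rval() recurses once per nested array or object in the import file with no bound, so the nesting depth of an untrusted file now directly controls stack usage; the same applies to the itemdir() hunk further down. The commit message's argument relies on the overflow landing on a guard page, which holds only if every frame in the recursion is smaller than the guard region and the platform provides one. That assumption is worth recording above rval(), e.g. `/* Recursion depth is bounded only by the stack; a deeply nested file ends in a crash, not a parse error. */`. If the old limit was simply too low for real directory trees, keeping `E(ctx->level > MAX_LEVEL, "Recursion depth exceeded");` with a larger `MAX_LEVEL` would preserve a clean error path instead of a crash. rval()'s body continues outside this hunk.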
@@ -377,7 +367,6 @@ static int rval() {
     break;
   }
 
-  ctx->level--;
   return 0;
 }
 
@@ -412,9 +401,6 @@ static int item(uint64_t);
 
 /* Read and add dir contents */
 static int itemdir(uint64_t dev) {
-  ctx->level++;
-  E(ctx->level > MAX_LEVEL, "Recursion depth exceeded");
-
   while(1) {
     C(cons());
     if(*ctx->buf == ']')
@@ -425,7 +411,6 @@ static int itemdir(uint64_t dev) {
   }
   con(1);
   C(cons());
-  ctx->level--;
   return 0;
 }
 
@@ -596,7 +581,7 @@ int dir_import_init(const char *fn) {
   ctx = malloc(sizeof(struct ctx));
   ctx->stream = stream;
   ctx->line = 1;
-  ctx->byte = ctx->eof = ctx->items = ctx->level = 0;
+  ctx->byte = ctx->eof = ctx->items = 0;
   ctx->buf = ctx->lastfill = ctx->readbuf;
   ctx->readbuf[0] = 0;
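Review bot: `ctx = malloc(sizeof(struct ctx));` is dereferenced on the very next line without a NULL check, so an allocation failure becomes a null-pointer write at `ctx->stream = stream;`. Unless malloc is wrapped elsewhere in the project, add an `if(!ctx)` branch that reports the failure the same way the rest of dir_import_init() reports errors. The function starts and ends outside this hunk, so the appropriate error path is not visible here.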
 
-- 
GitLab