golang / protobuf

Go support for Google's protocol buffers
BSD 3-Clause "New" or "Revised" License

protojson: vuln: discard unknown fields can result in stack overflow #1584

Closed jhump closed 6 months ago

jhump commented 6 months ago

This is closely related to #1583. If a schema does not support an arbitrarily deep JSON encoding, a stack overflow can still be induced via a malicious payload if the protojson.UnmarshalOptions.DiscardUnknown field is true. This is because the code to discard unknown fields is recursive. It should instead use iteration with a slice to model the stack of open objects and arrays, so it can safely discard JSON of arbitrary complexity.
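An iterative skipper of the kind the comment proposes, added here as an example (it is not protobuf-go's code and not the implementation in the linked fix): it consumes one JSON value using an explicit slice of open delimiters instead of recursion, so a payload nested a million levels deep costs heap memory proportional to its depth rather than one goroutine stack frame per level. The names `skipValue`, `skipString`, `skipSpace`, `isTerminator` and `deeplyNested` and the `sampleJSON` input are constructed for this example; the skipper only checks bracket balance and string termination, assuming the tokenizer that located the unknown field has already validated the JSON grammar.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strings"
)

// sampleJSON is a constructed message with an "unknown" field whose value is a
// nested object; a DiscardUnknown-style decoder must skip exactly that value.
var sampleJSON = []byte(`{"known":1,"unknown":{"x":[1,2,{"y":"a\"b"}]},"other":true}`)

// skipValue scans the JSON value starting at data[pos] and returns the offset
// just past it. It never recurses: nesting is tracked with an explicit slice of
// open delimiters, so input depth is bounded by heap memory, not by the
// goroutine stack. It is a skipper, not a validator: it only checks that
// brackets balance and strings terminate.
func skipValue(data []byte, pos int) (int, error) {
	var stack []byte // open '{' or '[' delimiters, innermost last
	for {
		pos = skipSpace(data, pos)
		if pos >= len(data) {
			return 0, errors.New("unexpected end of input")
		}
		switch c := data[pos]; c {
		case '{', '[':
			stack = append(stack, c) // push instead of making a nested call
			pos++
		case '}', ']':
			if len(stack) == 0 || (c == '}') != (stack[len(stack)-1] == '{') {
				return 0, fmt.Errorf("unexpected %q at offset %d", c, pos)
			}
			stack = stack[:len(stack)-1] // pop instead of returning from a call
			pos++
		case '"':
			end, err := skipString(data, pos)
			if err != nil {
				return 0, err
			}
			pos = end
		case ',', ':':
			if len(stack) == 0 {
				return 0, fmt.Errorf("unexpected %q at offset %d", c, pos)
			}
			pos++
		default:
			// number, true, false or null: consume up to the next terminator
			end := pos
			for end < len(data) && !isTerminator(data[end]) {
				end++
			}
			pos = end
		}
		if len(stack) == 0 {
			return pos, nil // the outermost value is complete
		}
	}
}

// skipString returns the offset just past the string literal opening at
// data[pos], honouring backslash escapes (including an escaped quote).
func skipString(data []byte, pos int) (int, error) {
	for i := pos + 1; i < len(data); i++ {
		switch data[i] {
		case '\\':
			i++ // skip the escaped character
		case '"':
			return i + 1, nil
		}
	}
	return 0, errors.New("unterminated string")
}

func skipSpace(data []byte, pos int) int {
	for pos < len(data) && (data[pos] == ' ' || data[pos] == '\t' || data[pos] == '\n' || data[pos] == '\r') {
		pos++
	}
	return pos
}

func isTerminator(c byte) bool {
	return c == ',' || c == ']' || c == '}' || c == ':' || c == ' ' || c == '\t' || c == '\n' || c == '\r'
}

// deeplyNested builds a constructed payload of depth opening brackets followed
// by depth closing ones, the shape that exhausts a recursive skipper.
func deeplyNested(depth int) []byte {
	return []byte(strings.Repeat("[", depth) + strings.Repeat("]", depth))
}

func main() {
	start := bytes.Index(sampleJSON, []byte(`"unknown":`)) + len(`"unknown":`)
	end, err := skipValue(sampleJSON, start)
	fmt.Printf("skipped %q, rest %q, err %v\n", sampleJSON[start:end], sampleJSON[end:], err)
	deep := deeplyNested(1_000_000)
	end, err = skipValue(deep, 0)
	fmt.Println("deep payload consumed:", end == len(deep), err)
}
```

The only per-level state is one byte pushed onto `stack`, which is why the depth of a hostile payload translates into a bounded allocation the caller can cap if it wants, rather than into an unrecoverable stack overflow.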

jhump commented 6 months ago

Fixed in https://github.com/protocolbuffers/protobuf-go/commit/bfcd6476a38e41247d6bb43dc8f00b23ec9fffc2