sqlparser-rs: Stack overflow when parsing SQL consisting of many imbalanced open parenthesis
This code segfaults with a stack overflow on both 0.9.0 from crates.io as well as loading from git (Version 35ef0eee3)
use sqlparser::dialect::GenericDialect;
use sqlparser::parser::Parser;
fn main() {
let sql = "(".repeat(1024);
let dialect = GenericDialect {};
let _ = Parser::parse_sql(&dialect, &sql);
}
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 1
- Comments: 16 (1 by maintainers)
Thank you – I am a little behind on sqlparser reviews at the moment. I’ll try and take a look over the weekend. Hopefully we can get some other community feedback as well
On Wed, May 18, 2022 at 1:18 PM Miki Mokrysz @.***> wrote:
I’ve opened an PR for this: https://github.com/sqlparser-rs/sqlparser-rs/pull/501. Feedback welcome.
I’d intended to track the parser’s call stack. Good point though.
🤔 I am not sure how much time I have to devote to figuring out how to release multiple dependent crates in parallel for this crate
I think a default depth limit (that can be overridden) seems very reasonable to me and very much in the rust “safe by default” spirit
Might be worth looking at what
serde_jsondoes, since I know they definitely have a depth limit by default. Their limit is 128.@alamb Thanks for such a quick response, I appreciate it. I’ll get working on the PR soonish and let you know how it goes 😃