From 2d653bd15dd320899196ed68dec48a72df5b0e23 Mon Sep 17 00:00:00 2001
From: Christopher Dunn
Date: Mon, 2 Mar 2015 23:42:12 -0600
Subject: [PATCH] fix security hole for string-key-lengths > 2^30
---
 src/lib_json/json_reader.cpp | 1 +
 src/lib_json/json_value.cpp | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
index 372b832..4311853 100644
--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
@@ -1430,6 +1430,7 @@ bool OurReader::readObject(Token& tokenStart) {
 return addErrorAndRecover(
 "Missing ':' after object member name", colon, tokenObjectEnd);
 }
+ if (name.length() >= (1U<<30)) throw std::runtime_error("keylength >= 2^30");
 Value& value = currentValue()[name];
 nodes_.push(&value);
 bool ok = readValue();
diff --git a/src/lib_json/json_value.cpp b/src/lib_json/json_value.cpp
index 3452ba4..f7e81ad 100644
--- a/src/lib_json/json_value.cpp
+++ b/src/lib_json/json_value.cpp
@@ -191,8 +191,6 @@ void Value::CommentInfo::setComment(const char* text, size_t len) {
 // Notes: policy_ indicates if the string was allocated when
 // a string is stored.
-//
-// TODO: Check for length > 1GB, in Reader.
 Value::CZString::CZString(ArrayIndex index) : cstr_(0), index_(index) {}
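Review bot: The added length guard in `OurReader::readObject` throws `std::runtime_error` on an oversized member name, while the statement just above it reports malformed input through `addErrorAndRecover` and a `bool` return, so a caller that parses untrusted JSON and only checks the return value can now be terminated by an uncaught exception. Reporting it through the existing path would keep the failure mode uniform, e.g. `return addErrorAndRecover("Object member name too long", colon, tokenObjectEnd);`. The guard also protects only this one call site: the limit itself presumably lives in `Value::CZString` (the TODO removed from json_value.cpp sat there), so any other code that builds keys, such as another reader's `readObject` or direct `Value::operator[]` use, would still need its own check or a check inside `CZString`. If the throw is kept, confirm that json_reader.cpp includes `<stdexcept>`, since the hunk does not show it. `readObject` starts and ends outside the hunk.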