Better default depth

Author: cschreib

CMakeLists.txt

@@ -29,7 +29,7 @@ set(JSONEXPR_USE_STD_EXPECTED    OFF CACHE BOOL "Use std::expected (requires C++
 set(JSONEXPR_USE_STD_FROM_CHARS  ON  CACHE BOOL "Use std::from_chars (requires C++17). Else, use streams.")
 
 # Configurable parameters
-set(JSONEXPR_MAX_AST_DEPTH 32 CACHE STRING "Maximum depth of the parsed AST (0=infinite)")
+set(JSONEXPR_MAX_PARSER_DEPTH 128 CACHE STRING "Maximum depth of the parser (0=infinite)")
 
 # Development options.
 set(JSONEXPR_DEV OFF CACHE BOOL "Enable warnings in compilation.")

README.md

@@ -330,9 +330,9 @@ first_non_null(1, 1+'abc')    -> 1 (second argument was invalid, but no error si
 
 # Security
 
-All operations allowed in the language are meant to be safe, in the sense that they should not make the host process abort or behave in an unspecified manner (e.g., through out-of-bounds read or writes, use-after-free, incorrect type accesses, read of uninitialized memory, etc.). This is  tested by running the test suite with sanitizers, and by fuzzing.
+All operations allowed in the language are meant to be safe, in the sense that they should not make the host process abort or behave in an unspecified manner (e.g., through out-of-bounds read or writes, use-after-free, incorrect type accesses, read of uninitialized memory, etc.). This is  tested by running the test suite with sanitizers, and by fuzzing. The underlying JSON library is also battle-tested.
 
-Furthermore, the parser has a fixed maximum recursion depth to prevent stack overflows. This depth is set to 32 by default, and can be changed with the CMake option `JSONEXPR_MAX_AST_DEPTH`.
+Furthermore, the parser has a fixed maximum recursion depth to prevent stack overflows. This depth  can be changed with the CMake/compilation option `JSONEXPR_MAX_AST_DEPTH`.
 
 Despite the above, the library is not 100% risk-free. In particular, the following is currently unsafe:
  - integer overflow and underflow in evaluated expression

libjsonexpr/include/jsonexpr/config.hpp.config

@@ -43,6 +43,6 @@
 
 #cmakedefine01 JSONEXPR_FUZZ
 
-#define JSONEXPR_MAX_AST_DEPTH ${JSONEXPR_MAX_AST_DEPTH}
+#define JSONEXPR_MAX_PARSER_DEPTH ${JSONEXPR_MAX_PARSER_DEPTH}
 
 #endif

libjsonexpr/src/parse.cpp

@@ -70,13 +70,14 @@ struct depth_counter {
 
 #define CHECK_MAX_DEPTH                                                                            \
     do {                                                                                           \
-        if (depth.depth == JSONEXPR_MAX_AST_DEPTH) {                                               \
+        if (depth.depth == JSONEXPR_MAX_PARSER_DEPTH) {                                            \
             if (tokens.empty()) {                                                                  \
-                return unexpected(                                                                 \
-                    abort_parse("max depth of AST reached; increase JSONEXPR_MAX_AST_DEPTH"));     \
+                return unexpected(abort_parse(                                                     \
+                    "max depth of parser reached; increase JSONEXPR_MAX_PARSER_DEPTH"));           \
             } else {                                                                               \
                 return unexpected(abort_parse(                                                     \
-                    tokens.front(), "max depth of AST reached; increase JSONEXPR_MAX_AST_DEPTH")); \
+                    tokens.front(),                                                                \
+                    "max depth of parser reached; increase JSONEXPR_MAX_PARSER_DEPTH"));           \
             }                                                                                      \
         }                                                                                          \
     } while (0)