remove attack vector for large arrays

hgrsd · hgrsd · commit ca5f93a7042e · 2025-06-07T21:49:22.000+01:00
diff --git a/src/parse_schema.rs b/src/parse_schema.rs
@@ -418,7 +418,8 @@ fn parse_array_constraints(
     schema_obj: &Map<String, Value>,
 ) -> Result<(usize, usize), ParseSchemaError> {
     let min_items = parse_optional_usize_field(schema_obj, "minItems")?.unwrap_or(0);
-    let max_items = parse_optional_usize_field(schema_obj, "maxItems")?.unwrap_or(usize::MAX);
+    let max_items =
+        parse_optional_usize_field(schema_obj, "maxItems")?.unwrap_or(/* sane default */ 16);
     Ok((min_items, max_items))
 }
 

Original file line number	Diff line number	Diff line change
`@@ -418,7 +418,8 @@ fn parse_array_constraints(`
`418`	`418`	`schema_obj: &Map<String, Value>,`
`419`	`419`	`) -> Result<(usize, usize), ParseSchemaError> {`
`420`	`420`	`let min_items = parse_optional_usize_field(schema_obj, "minItems")?.unwrap_or(0);`
`421`		`- let max_items = parse_optional_usize_field(schema_obj, "maxItems")?.unwrap_or(usize::MAX);`
	`421`	`+ let max_items =`
	`422`	`+ parse_optional_usize_field(schema_obj, "maxItems")?.unwrap_or(/* sane default */ 16);`
`422`	`423`	`Ok((min_items, max_items))`
`423`	`424`	`}`
`424`	`425`