Commits

basvandijk committed 625058a

Add warning about space-usage on the Fixed instance

  • Participants
  • Parent commits f50acab

Comments (0)

Files changed (1)

Data/Aeson/Types/Instances.hs

     toJSON = Number . realToFrac
     {-# INLINE toJSON #-}
 
+-- | /WARNING:/ Only parse fixed-precision numbers from trusted input
+-- since an attacker could easily fill up the memory of the target
+-- system by specifying a scientific number with a big exponent like
+-- @1e1000000000@.
 instance HasResolution a => FromJSON (Fixed a) where
     parseJSON = withScientific "Fixed" $ pure . realToFrac
     {-# INLINE parseJSON #-}