
basvandijk committed d84a12b

Add warning about space-usage on the Fixed instance


Files changed (1)

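--- a/Data/Aeson/Types/Instances.hs
+++ b/Data/Aeson/Types/Instances.hs
     toJSON = Number . realToFrac
     {-# INLINE toJSON #-}
 
+-- | /WARNING:/ Only parse fixed-precision numbers from trusted input
+-- since an attacker could easily fill up the memory of the target
+-- system by specifying a scientific number with a big exponent like
+-- @1e1000000000@.
 instance HasResolution a => FromJSON (Fixed a) where
     parseJSON = withScientific "Fixed" $ pure . realToFrac
     {-# INLINE parseJSON #-}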
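Review bot: The new Haddock warning on the `FromJSON (Fixed a)` instance leaves `parseJSON` unchanged, so `realToFrac` still expands whatever exponent the document supplies, and any caller who never reads the comment stays exposed. A bound checked before the conversion would enforce the limit in code, for example `parseJSON = withScientific "Fixed" $ \s -> if abs (base10Exponent s) > maxExp then fail "exponent out of range" else pure (realToFrac s)`, where `maxExp` is a placeholder for a project-chosen limit and `base10Exponent` from Data.Scientific may need importing. The conversion presumably goes through `Rational`, so a large negative exponent would likely be as expensive as the positive one the comment names. If that holds, the warning should say "a large positive or negative exponent". Other instances in this file that turn a `Scientific` into an unbounded type may deserve the same treatment, but they are outside this hunk.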