arangodb
diff --git a/‎3rdParty/velocypack/include/velocypack/Builder.h
Lines changed: 3 additions & 0 deletions b/‎3rdParty/velocypack/include/velocypack/Builder.h
Lines changed: 3 additions & 0 deletions
diff --git a/‎3rdParty/velocypack/include/velocypack/Exception.h
Lines changed: 1 addition & 0 deletions b/‎3rdParty/velocypack/include/velocypack/Exception.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎3rdParty/velocypack/include/velocypack/Options.h
Lines changed: 8 additions & 1 deletion b/‎3rdParty/velocypack/include/velocypack/Options.h
Lines changed: 8 additions & 1 deletion
diff --git a/‎3rdParty/velocypack/include/velocypack/Parser.h
Lines changed: 5 additions & 4 deletions b/‎3rdParty/velocypack/include/velocypack/Parser.h
Lines changed: 5 additions & 4 deletions
diff --git a/‎3rdParty/velocypack/include/velocypack/Slice.h
Lines changed: 9 additions & 1 deletion b/‎3rdParty/velocypack/include/velocypack/Slice.h
Lines changed: 9 additions & 1 deletion
diff --git a/‎3rdParty/velocypack/include/velocypack/Validator.h
Lines changed: 6 additions & 2 deletions b/‎3rdParty/velocypack/include/velocypack/Validator.h
Lines changed: 6 additions & 2 deletions
diff --git a/‎3rdParty/velocypack/src/Builder.cpp
Lines changed: 51 additions & 5 deletions b/‎3rdParty/velocypack/src/Builder.cpp
Lines changed: 51 additions & 5 deletions
diff --git a/‎3rdParty/velocypack/src/Exception.cpp
Lines changed: 2 additions & 0 deletions b/‎3rdParty/velocypack/src/Exception.cpp
Lines changed: 2 additions & 0 deletions
diff --git a/‎3rdParty/velocypack/src/Parser.cpp
Lines changed: 16 additions & 4 deletions b/‎3rdParty/velocypack/src/Parser.cpp
Lines changed: 16 additions & 4 deletions
@@ -1099,6 +1099,9 @@ class Builder {
   bool checkAttributeUniqueness(Slice obj) const;
   bool checkAttributeUniquenessSorted(Slice obj) const;
   bool checkAttributeUniquenessUnsorted(Slice obj) const;
+
+  ValueLength effectivePaddingForOneByteMembers() const noexcept;
+  ValueLength effectivePaddingForTwoByteMembers() const noexcept;
 };
 
 struct BuilderNonDeleter {
 
@@ -54,6 +54,7 @@ class Exception : public virtual std::exception {
     CannotTranslateKey = 21,
     KeyNotFound = 22, // not used anymore
     BadTupleSize = 23,
+    TooDeepNesting = 24,
 
     BuilderNotSealed = 30,
     BuilderNeedOpenObject = 31,
 
@@ -25,6 +25,8 @@
 #ifndef VELOCYPACK_OPTIONS_H
 #define VELOCYPACK_OPTIONS_H 1
 
+#include <cstdint>
+#include <limits>
 #include <string>
 
 #include "velocypack/velocypack-common.h"
@@ -102,7 +104,8 @@ struct Options {
   // clear builder before starting to parse in Parser
   bool clearBuilderBeforeParse = true;
 
-  // validate UTF-8 strings when JSON-parsing with Parser
+  // validate UTF-8 strings when JSON-parsing with Parser or validating with 
+  // Validator
   bool validateUtf8Strings = false;
 
   // validate that attribute names in Object values are actually
@@ -149,6 +152,10 @@ struct Options {
   // write tags to JSON output
   bool debugTags = false;
 
+  // max recursion level for object/array nesting. checked by Parser and 
+  // Validator.
+  uint32_t nestingLimit = std::numeric_limits<uint32_t>::max(); 
+
   // default options with the above settings
   static Options Defaults;
 };
 
@@ -80,7 +80,7 @@ class Parser {
   uint8_t const* _start;
   std::size_t _size;
   std::size_t _pos;
-  int _nesting;
+  uint32_t _nesting;
 
  public:
   Options const* options;
@@ -124,7 +124,7 @@ class Parser {
         _size(0), 
         _pos(0), 
         _nesting(0),
-         options(options) {
+        options(options) {
     if (VELOCYPACK_UNLIKELY(options == nullptr)) {
       throw Exception(Exception::InternalError, "Options cannot be a nullptr");
     }
@@ -184,6 +184,7 @@ class Parser {
     _start = start;
     _size = size;
     _pos = 0;
+    _nesting = 0;
     if (options->clearBuilderBeforeParse) {
       _builder->clear();
     }
@@ -304,9 +305,9 @@ class Parser {
     return i;
   }
 
-  inline void increaseNesting() { ++_nesting; }
+  void increaseNesting(); 
 
-  inline void decreaseNesting() { --_nesting; }
+  void decreaseNesting() noexcept; 
 
   void parseNumber();
 
 
@@ -1242,8 +1242,13 @@ class Slice {
   uint8_t tagsOffset(uint8_t const* start) const noexcept {
     uint8_t ret = 0;
 
-    while(SliceStaticData::TypeMap[*start] == ValueType::Tagged) {
+    while (SliceStaticData::TypeMap[*start] == ValueType::Tagged) {
       uint8_t offset = tagOffset(start);
+      VELOCYPACK_ASSERT(offset != 0);
+      if (VELOCYPACK_UNLIKELY(offset == 0)) {
+        // prevent endless loop
+        break;
+      }
       ret += offset;
       start += offset;
     }
@@ -1317,6 +1322,9 @@ class Slice {
 
       case ValueType::Tagged: {
         uint8_t offset = tagsOffset(start);
+        if (VELOCYPACK_UNLIKELY(offset == 0)) {
+          throw Exception(Exception::InternalError, "Invalid tag data in byteSize()");
+        }
         return byteSize(start + offset) + offset;
       }
 
 
@@ -28,6 +28,8 @@
 #include "velocypack/velocypack-common.h"
 #include "velocypack/Options.h"
 
+#include <cstdint>
+
 namespace arangodb {
 namespace velocypack {
 class Slice;
@@ -39,7 +41,6 @@ class Validator {
   explicit Validator(Options const* options = &Options::Defaults);
   ~Validator() = default;
 
- public:
   // validates a VelocyPack Slice value starting at ptr, with length bytes length
   // throws if the data is invalid
   bool validate(char const* ptr, std::size_t length, bool isSubPart = false) {
@@ -51,6 +52,9 @@ class Validator {
   bool validate(uint8_t const* ptr, std::size_t length, bool isSubPart = false);
 
  private:
+  void validatePart(uint8_t const* ptr, std::size_t length, bool isSubPart);
+
+  void validateTagged(uint8_t const* ptr, std::size_t length);
   void validateArray(uint8_t const* ptr, std::size_t length);
   void validateCompactArray(uint8_t const* ptr, std::size_t length);
   void validateUnindexedArray(uint8_t const* ptr, std::size_t length);
@@ -66,7 +70,7 @@ class Validator {
   Options const* options;
 
  private:
-  int _level;
+  uint32_t _level;
 };
 
 }  // namespace arangodb::velocypack
 
@@ -681,7 +681,8 @@ Builder& Builder::close() {
       (head == 0x0b && (options->buildUnindexedObjects || n == 1))) {
     if (closeCompactArrayOrObject(pos, isArray, indexStart, indexEnd)) {
       // And, if desired, check attribute uniqueness:
-      if (options->checkAttributeUniqueness && 
+      if ((head == 0x0b || head == 0x14) &&
+          options->checkAttributeUniqueness && 
           n > 1 &&
           !checkAttributeUniqueness(Slice(_start + pos))) {
         // duplicate attribute name!
@@ -706,7 +707,7 @@ Builder& Builder::close() {
   unsigned int offsetSize = 8;
   // can be 1, 2, 4 or 8 for the byte width of the offsets,
   // the byte length and the number of subvalues:
-  if (_pos - pos + n - 6 <= 0xff) {
+  if (_pos - pos + n - 6 + effectivePaddingForOneByteMembers() <= 0xff) {
     // We have so far used _pos - pos bytes, including the reserved 8
     // bytes for byte length and number of subvalues. In the 1-byte number
     // case we would win back 6 bytes but would need one byte per subvalue
@@ -715,7 +716,7 @@ Builder& Builder::close() {
     // One could move down things in the offsetSize == 2 case as well,
     // since we only need 4 bytes in the beginning. However, saving these
     // 4 bytes has been sacrificed on the Altar of Performance.
-  } else if (_pos - pos + 2 * n <= 0xffff) {
+  } else if (_pos - pos + 2 * n + effectivePaddingForTwoByteMembers() <= 0xffff) {
     offsetSize = 2;
   } else if (_pos - pos + 4 * n <= 0xffffffffu) {
     offsetSize = 4;
@@ -760,26 +761,61 @@ Builder& Builder::close() {
       _start[pos] += 2;
     } else {  // offsetSize == 8
       _start[pos] += 3;
+      // write number of items
       reserve(8);
       appendLengthUnchecked<8>(n);
     }
   }
 
   // Fix the byte length in the beginning:
-  ValueLength x = _pos - pos;
+  ValueLength const byteLength = _pos - pos;
+  ValueLength x = byteLength;
   for (unsigned int i = 1; i <= offsetSize; i++) {
     _start[pos + i] = x & 0xff;
     x >>= 8;
   }
 
   if (offsetSize < 8) {
-    x = n;
+    ValueLength x = n;
     for (unsigned int i = offsetSize + 1; i <= 2 * offsetSize; i++) {
       _start[pos + i] = x & 0xff;
       x >>= 8;
     }
   }
 
+#ifdef VELOCYPACK_DEBUG
+  // make sure byte size and number of items are actually written correctly
+  if (offsetSize == 
F438
1) {
+    VELOCYPACK_ASSERT(_start[pos] == 0x0b);
+    // read byteLength
+    uint64_t v = readIntegerFixed<uint64_t, 1>(_start + pos + 1);
+    VELOCYPACK_ASSERT(byteLength == v);
+    // read byteLength n
+    v = readIntegerFixed<uint64_t, 1>(_start + pos + 1 + offsetSize);
+    VELOCYPACK_ASSERT(n == v);
+  } else if (offsetSize == 2) {
+    VELOCYPACK_ASSERT(_start[pos] == 0x0c);
+    // read byteLength
+    uint64_t v = readIntegerFixed<uint64_t, 2>(_start + pos + 1);
+    VELOCYPACK_ASSERT(byteLength == v);
+    // read byteLength n
+    v = readIntegerFixed<uint64_t, 2>(_start + pos + 1 + offsetSize);
+    VELOCYPACK_ASSERT(n == v);
+  } else if (offsetSize == 4) {
+    VELOCYPACK_ASSERT(_start[pos] == 0x0d);
+    // read byteLength
+    uint64_t v = readIntegerFixed<uint64_t, 4>(_start + pos + 1);
+    VELOCYPACK_ASSERT(byteLength == v);
+    // read byteLength n
+    v = readIntegerFixed<uint64_t, 4>(_start + pos + 1 + offsetSize);
+    VELOCYPACK_ASSERT(n == v);
+  } else if (offsetSize == 8) {
+    VELOCYPACK_ASSERT(_start[pos] == 0x0e);
+    uint64_t v = readIntegerFixed<uint64_t, 4>(_start + pos + 1);
+    VELOCYPACK_ASSERT(byteLength == v);
+  }
+#endif
+
   // And, if desired, check attribute uniqueness:
   if (options->checkAttributeUniqueness && 
       n > 1 &&
@@ -1309,4 +1345,14 @@ uint8_t* Builder::add(ArrayIterator&& sub) {
   return _start + oldPos;
 }
 
+ValueLength Builder::effectivePaddingForOneByteMembers() const noexcept {
+  // 8 bytes - object length (1 byte) - number of items (1 byte) = 6 bytes
+  return (options->paddingBehavior == Options::PaddingBehavior::UsePadding ? 6 : 0);
+}
+
+ValueLength Builder::effectivePaddingForTwoByteMembers() const noexcept {
+  // 8 bytes - object length (2 bytes) - number of items (2 bytes) = 4 bytes
+  return (options->paddingBehavior == Options::PaddingBehavior::UsePadding ? 4 : 0);
+}
+
 static_assert(sizeof(double) == 8, "double is not 8 bytes");
@@ -66,6 +66,8 @@ char const* Exception::message(ExceptionType type) noexcept {
       return "Key not found";
     case BadTupleSize:
       return "Array size does not match tuple size";
+    case TooDeepNesting:
+      return "Too deep nesting in Array/Object";
     case BuilderNotSealed:
       return "Builder value not yet sealed";
     case BuilderNeedOpenObject:
 
@@ -118,6 +118,17 @@ int Parser::skipWhiteSpace(char const* err) {
   throw Exception(Exception::ParseError, err);
 }
 
+void Parser::increaseNesting() { 
+  if (++_nesting >= options->nestingLimit) {
+    throw Exception(Exception::TooDeepNesting);
+  }
+}
+
+void Parser::decreaseNesting() noexcept { 
+  VELOCYPACK_ASSERT(_nesting > 0);
+  --_nesting; 
+}
+
 // parses a number value
 void Parser::parseNumber() {
   std::size_t startPos = _pos;
@@ -418,16 +429,17 @@ void Parser::parseString() {
 void Parser::parseArray() {
   _builderPtr->addArray();
 
+  increaseNesting();
+
   int i = skipWhiteSpace("Expecting item or ']'");
   if (i == ']') {
     // empty array
     ++_pos;  // the closing ']'
+    decreaseNesting();
     _builderPtr->close();
     return;
   }
 
-  increaseNesting();
-
   while (true) {
     // parse array element itself
     _builderPtr->reportAdd();
@@ -454,20 +466,20 @@ void Parser::parseArray() {
 void Parser::parseObject() {
   _builderPtr->addObject();
 
+  increaseNesting();
   int i = skipWhiteSpace("Expecting item or '}'");
   if (i == '}') {
     // empty object
     consume();  // the closing '}'. return value intentionally not checked
 
     if (_nesting != 0 || !options->keepTopLevelOpen) {
       // only close if we've not been asked to keep top level open
+      decreaseNesting();
       _builderPtr->close();
     }
     return;
   }
 
-  increaseNesting();
-
   while (true) {
     // always expecting a string attribute name here
     if (VELOCYPACK_UNLIKELY(i != '"')) {