authordanielbodorin <80352803+danielbodorin@users.noreply.github.com>2026-03-23 17:33:51 +0200
committerGitHub <noreply@github.com>2026-03-23 17:33:51 +0200
commit1c8b7466e4946fcc3bf20484c0e1d001202cca5a (patch)
tree4eda953d7aa7ad53475a3eb083c038fa0f232f20
parent6626578220391cb1da6f79f9a4f12066c79f2d26 (diff)
fix: lower TOML_MAX_NESTED_VALUES to prevent stack overflow on deeply nested arrays/inline tables (#293)
Co-authored-by: Daniel Bodorin <danielbodorin@users.noreply.github.com>
-rw-r--r--CHANGELOG.md1
-rw-r--r--README.md1
-rw-r--r--include/toml++/impl/preprocessor.hpp6
-rw-r--r--tests/user_feedback.cpp12
-rw-r--r--toml.hpp6
5 files changed, 22 insertions, 4 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 992f1c32b8..c9155779f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ template:
- fixed `is_homogeneous()` overloads with `first_nonmatch` outparam being broken in optimized builds (#231) (@Forbinn)
- fixed unclear error message when parsing integers that would overflow (#224) (@chrimbo)
- fixed CMake `install` target installing `meson.build` files (#236) (@JWCS)
+- lowered `TOML_MAX_NESTED_VALUES` default from 256 to 128 to prevent stack overflow on deeply nested arrays/inline tables in sanitizer builds (@danielbodorin)
## v3.4.0
diff --git a/README.md b/README.md
index 1e8e2f7ee6..1539a198ed 100644
--- a/README.md
+++ b/README.md
@@ -288,6 +288,7 @@ UTF-8 decoding is performed using a state machine based on Bjoern Hoehrmann's '[
- **[@bjadamson](https://github.com/bjadamson)** - Reported some bugs and helped design a new feature
- **[@bobfang1992](https://github.com/bobfang1992)** - Reported a bug and created a [wrapper in python](https://github.com/bobfang1992/pytomlpp)
- **[@capuanob](https://github.com/capuanob)** - Integrated this project into OSSFuzz
+- **[@danielbodorin](https://github.com/danielbodorin)** - Fixed stack overflow from deeply nested arrays/inline tables
- **[@GiulioRomualdi](https://github.com/GiulioRomualdi)** - Added cmake+meson support
- **[@jonestristand](https://github.com/jonestristand)** - Designed and implemented the `toml::path`s feature
- **[@kcsaul](https://github.com/kcsaul)** - Fixed a bug
diff --git a/include/toml++/impl/preprocessor.hpp b/include/toml++/impl/preprocessor.hpp
index ff2ce6dd23..d74d2b616c 100644
--- a/include/toml++/impl/preprocessor.hpp
+++ b/include/toml++/impl/preprocessor.hpp
@@ -1177,9 +1177,11 @@
#endif
#ifndef TOML_MAX_NESTED_VALUES
-#define TOML_MAX_NESTED_VALUES 256
+#define TOML_MAX_NESTED_VALUES 128
// this refers to the depth of nested values, e.g. inline tables and arrays.
-// 256 is crazy high! if you're hitting this limit with real input, TOML is probably the wrong tool for the job...
+// 128 is very generous; real TOML files rarely exceed single-digit nesting.
+// keep this value low enough to avoid stack overflows in sanitizer-instrumented builds
+// where each recursion cycle may consume ~3KB of stack.
#endif
#ifndef TOML_MAX_DOTTED_KEYS_DEPTH
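Review bot: The new comment on `TOML_MAX_NESTED_VALUES` justifies 128 with a single estimate (~3KB per recursion cycle under sanitizers), but it does not tell integrators what to do when their stack budget is smaller. At that estimate 128 levels is still roughly 384KB of stack, which may be more than a secondary thread gets on some platforms, and the depth is controlled by whoever supplies the document. I would add a line such as `// if you parse untrusted input on threads with small stacks, define a lower value before including this header.` so the override path is explicit. The same comment is mirrored in the `toml.hpp` hunk and should get the same wording when the single header is regenerated.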
diff --git a/tests/user_feedback.cpp b/tests/user_feedback.cpp
index 6cc1fd34c5..aa1f36b1d6 100644
--- a/tests/user_feedback.cpp
+++ b/tests/user_feedback.cpp
@@ -168,6 +168,18 @@ b = []
constexpr auto start = "fl =[ "sv;
memcpy(s.data(), start.data(), start.length());
parsing_should_fail(FILE_LINE_ARGS, std::string_view{ s });
+
+ // deeply nested inline tables should also fail gracefully, not stack overflow
+ {
+ // build: fl = {a={a={a={a=...{a=1}...}}}
+ std::string nested_tables = "fl = ";
+ for (size_t i = 0; i < 2048; i++)
+ nested_tables += "{a=";
+ nested_tables += "1";
+ for (size_t i = 0; i < 2048; i++)
+ nested_tables += "}";
+ parsing_should_fail(FILE_LINE_ARGS, std::string_view{ nested_tables });
+ }
}
SECTION("tomlplusplus/issues/112") // https://github.com/marzer/tomlplusplus/issues/112
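Review bot: The added inline-table case nests 2048 levels, which is above both the old default (256) and the new one (128), so it would pass without this change and does not pin the lowered limit. Deriving the depth from the macro would tie the test to the configured value, e.g. `for (size_t i = 0; i < TOML_MAX_NESTED_VALUES + 1u; i++)` for both loops, ideally paired with a case just under the limit that is expected to parse (the exact boundary should be checked against the parser). `parsing_should_fail` also appears to accept any parse error, so a check that the failure comes from the nesting limit would make the regression test more specific. The enclosing SECTION starts outside this hunk.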
diff --git a/toml.hpp b/toml.hpp
index c01a208fa2..5f750cbf1b 100644
--- a/toml.hpp
+++ b/toml.hpp
@@ -1086,9 +1086,11 @@
#endif
#ifndef TOML_MAX_NESTED_VALUES
-#define TOML_MAX_NESTED_VALUES 256
+#define TOML_MAX_NESTED_VALUES 128
// this refers to the depth of nested values, e.g. inline tables and arrays.
-// 256 is crazy high! if you're hitting this limit with real input, TOML is probably the wrong tool for the job...
+// 128 is very generous; real TOML files rarely exceed single-digit nesting.
+// keep this value low enough to avoid stack overflows in sanitizer-instrumented builds
+// where each recursion cycle may consume ~3KB of stack.
#endif
#ifndef TOML_MAX_DOTTED_KEYS_DEPTH