Add warning about space-usage on the Fixed instance

--HG-- extra : rebase_source : 625058aecd476ec8f0140965e04787974ad21b70 extra : histedit_source : 13c9b34b80a918675cffa1311881b00b9e3511d5
trilogysci · May 13, 2014 · ecbb736 · ecbb736
1 parent 80e3a9b
commit ecbb736
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/Data/Aeson/Types/Instances.hs b/Data/Aeson/Types/Instances.hs
@@ -206,6 +206,10 @@ instance HasResolution a => ToJSON (Fixed a) where
     toJSON = Number . realToFrac
     {-# INLINE toJSON #-}
 
+-- | /WARNING:/ Only parse fixed-precision numbers from trusted input
+-- since an attacker could easily fill up the memory of the target
+-- system by specifying a scientific number with a big exponent like
+-- @1e1000000000@.
 instance HasResolution a => FromJSON (Fixed a) where
     parseJSON = withScientific "Fixed" $ pure . realToFrac
     {-# INLINE parseJSON #-}