From f114143de49035b0e2067a8363a121fe5b3419cf Mon Sep 17 00:00:00 2001
From: trobro <git@trobro.se>
Date: Wed, 16 Apr 2025 17:58:41 +0200
Subject: [PATCH 1/2] maxNestingDepth 10000

---
 src/HJSON/HJSONParser.php | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/HJSON/HJSONParser.php b/src/HJSON/HJSONParser.php
index b6c110d..c65d9f7 100644
--- a/src/HJSON/HJSONParser.php
+++ b/src/HJSON/HJSONParser.php
@@ -11,6 +11,8 @@ class HJSONParser
     private $ch;   // The current character
     private $escapee = [];
     private $keepWsc; // keep whitespace
+    private $maxNestingDepth = 10000;
+    private $nestingDepth;
 
     public function __construct()
     {
@@ -44,6 +46,7 @@ public function parse($source, $options = [])
 
     private function resetAt()
     {
+        $this->nestingDepth = 0;
         $this->at = 0;
         $this->ch = ' ';
     }
@@ -99,9 +102,15 @@ private function value()
         $this->white();
         switch ($this->ch) {
             case '{':
-                return $this->object();
+                $this->nestingDepth++;
+                $ret = $this->object();
+                $this->nestingDepth--;
+                return $ret;
             case '[':
-                return $this->_array();
+                $this->nestingDepth++;
+                $ret = $this->_array();
+                $this->nestingDepth--;
+                return $ret;
             case '"':
                 return $this->string('"');
             case '\'':
@@ -157,6 +166,10 @@ private function _array()
         // Parse an array value.
         // assumeing ch === '['
 
+        if ($this->nestingDepth > $this->maxNestingDepth) {
+          $this->error("Exceeded max depth (".$this->maxNestingDepth.")");
+        }
+
         $array = [];
         $kw = null;
         $wat = null;
@@ -210,6 +223,11 @@ private function _array()
     private function object($withoutBraces = false)
     {
         // Parse an object value.
+
+        if ($this->nestingDepth > $this->maxNestingDepth) {
+          $this->error("Exceeded max depth (".$this->maxNestingDepth.")");
+        }
+
         $key = null;
         $object = new \stdClass();
         $kw = null;

From b3e51b116130a4a0357f6be85358e4bef23f1424 Mon Sep 17 00:00:00 2001
From: trobro <git@trobro.se>
Date: Wed, 16 Apr 2025 18:01:37 +0200
Subject: [PATCH 2/2] indentation

---
 src/HJSON/HJSONParser.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/HJSON/HJSONParser.php b/src/HJSON/HJSONParser.php
index c65d9f7..e706f24 100644
--- a/src/HJSON/HJSONParser.php
+++ b/src/HJSON/HJSONParser.php
@@ -167,7 +167,7 @@ private function _array()
         // assumeing ch === '['
 
         if ($this->nestingDepth > $this->maxNestingDepth) {
-          $this->error("Exceeded max depth (".$this->maxNestingDepth.")");
+            $this->error("Exceeded max depth (".$this->maxNestingDepth.")");
         }
 
         $array = [];
@@ -225,7 +225,7 @@ private function object($withoutBraces = false)
         // Parse an object value.
 
         if ($this->nestingDepth > $this->maxNestingDepth) {
-          $this->error("Exceeded max depth (".$this->maxNestingDepth.")");
+            $this->error("Exceeded max depth (".$this->maxNestingDepth.")");
         }
 
         $key = null;