From e45099fb21b679aa0cdb0db394587bb5ba675b0c Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Sat, 17 Jan 2026 15:18:06 +0100
Subject: Prevent deep nesting of plist structures in all input/output formats Thanks to @unbengable12 for reporting. Addresses #288, #289, #290, #291, and #292.
---
 src/out-default.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'src/out-default.c')
diff --git a/src/out-default.c b/src/out-default.c
index 09e64c3..fb57bcf 100644
--- a/src/out-default.c
+++ b/src/out-default.c
@@ -318,6 +318,13 @@ static plist_err_t _node_estimate_size(node_t node, uint64_t *size, uint32_t dep
 return PLIST_ERR_INVALID_ARG;
 }

+ if (depth > PLIST_MAX_NESTING_DEPTH) {
+#if DEBUG
+ fprintf(stderr, "libplist: ERROR: maximum nesting depth (%u) exceeded\n", (unsigned)PLIST_MAX_NESTING_DEPTH);
+#endif
+ return PLIST_ERR_MAX_NESTING;
+ }
+
 if (hash_table_lookup(visited, node)) {
 #if DEBUG
 fprintf(stderr, "libplist: ERROR: circular reference detected\n");
-- 
cgit v1.1-32-gdbae
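Review bot: Nothing in this file records that the rest of the output path depends on this guard: the check is added only to `_node_estimate_size` (the commit's 7 insertions in src/out-default.c), so any recursive writer in the same file is presumably bounded only because the size-estimate pass runs first over the same tree, which the hunk does not show and should be confirmed. If that ordering holds, say so next to the check, e.g. `/* bounds recursion for the whole output path: the writer runs only after this pass succeeds */`, so that a later caller which skips the estimate does not quietly bring back unbounded recursion on attacker-supplied nesting. It is also worth confirming that `depth > PLIST_MAX_NESTING_DEPTH` uses the same boundary as the parser-side checks, since the hunk does not show whether `depth` starts at 0 or 1. The body of `_node_estimate_size` starts and ends outside the hunk.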