From 4d3683561f9ffe8f2cd1b1dcabe89ba8f392d678 Mon Sep 17 00:00:00 2001
From: James Newton-King <james@newtonking.com>
Date: Tue, 13 Sep 2022 07:44:00 +0800
Subject: [PATCH 1/2] Fix custom MaxDepth not being used with ISerializable
 deserialization

---
 Src/Newtonsoft.Json.Tests/Issues/Issue2709.cs | 164 ++++++++++++++++++
 .../JsonSerializerInternalReader.cs           |   1 +
 2 files changed, 165 insertions(+)
 create mode 100644 Src/Newtonsoft.Json.Tests/Issues/Issue2709.cs

diff --git a/Src/Newtonsoft.Json.Tests/Issues/Issue2709.cs b/Src/Newtonsoft.Json.Tests/Issues/Issue2709.cs
new file mode 100644
index 000000000..63700b019
--- /dev/null
+++ b/Src/Newtonsoft.Json.Tests/Issues/Issue2709.cs
@@ -0,0 +1,164 @@
+#region License
+// Copyright (c) 2007 James Newton-King
+//
+// Permission is hereby granted, free of charge, to any person
+// obtaining a copy of this software and associated documentation
+// files (the "Software"), to deal in the Software without
+// restriction, including without limitation the rights to use,
+// copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the
+// Software is furnished to do so, subject to the following
+// conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+// OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+// WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+// OTHER DEALINGS IN THE SOFTWARE.
+#endregion
+
+#if !NET20
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Threading;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json.Tests.Documentation.Samples.Serializer;
+#if DNXCORE50
+using System.Reflection;
+using Xunit;
+using Test = Xunit.FactAttribute;
+using Assert = Newtonsoft.Json.Tests.XUnitAssert;
+#else
+using NUnit.Framework;
+#endif
+
+namespace Newtonsoft.Json.Tests.Issues
+{
+    [TestFixture]
+    public class Issue2709 : TestFixtureBase
+    {
+        [Test]
+        public void Test()
+        {
+            int maxDepth = 512;
+
+            var currentFoo = new Foo(null);
+
+            for (var i = 0; i < 100; i++)
+            {
+                currentFoo = new Foo(currentFoo);
+            }
+
+            var fooBar = new FooBar();
+            fooBar.AddFoo("main", currentFoo);
+
+            var json = JsonConvert.SerializeObject(fooBar, SerializeSettings(maxDepth));
+
+            JsonConvert.DeserializeObject<FooBar>(json, DeserializeSettings(maxDepth));
+        }
+
+        [Test]
+        public void Test_Failure()
+        {
+            int maxDepth = 512;
+
+            var currentFoo = new Foo(null);
+
+            for (var i = 0; i < 600; i++)
+            {
+                currentFoo = new Foo(currentFoo);
+            }
+
+            var fooBar = new FooBar();
+            fooBar.AddFoo("main", currentFoo);
+
+            var json = JsonConvert.SerializeObject(fooBar, SerializeSettings(maxDepth));
+
+            var ex = ExceptionAssert.Throws<JsonReaderException>(() => JsonConvert.DeserializeObject<FooBar>(json, DeserializeSettings(maxDepth)));
+            Assert.IsTrue(ex.Message.StartsWith("The reader's MaxDepth of 512 has been exceeded."));
+        }
+
+        [Test]
+        public void Test_Failure2()
+        {
+            int maxDepth = 10;
+
+            var currentFoo = new Foo(null);
+
+            for (var i = 0; i < 20; i++)
+            {
+                currentFoo = new Foo(currentFoo);
+            }
+
+            var fooBar = new FooBar();
+            fooBar.AddFoo("main", currentFoo);
+
+            var json = JsonConvert.SerializeObject(fooBar, SerializeSettings(maxDepth));
+
+            var ex = ExceptionAssert.Throws<JsonReaderException>(() => JsonConvert.DeserializeObject<FooBar>(json, DeserializeSettings(maxDepth)));
+            Assert.IsTrue(ex.Message.StartsWith("The reader's MaxDepth of 10 has been exceeded."));
+        }
+
+        [Serializable]
+        public class FooBar : ISerializable
+        {
+            private Dictionary<string, Foo> _myData = new Dictionary<string, Foo>();
+
+            public IList<Foo> FooList => _myData.Values.ToList();
+
+            public FooBar()
+            {
+            }
+
+            public FooBar(SerializationInfo info, StreamingContext context)
+            {
+                _myData = (Dictionary<string, Foo>)info.GetValue(nameof(_myData), typeof(Dictionary<string, Foo>));
+            }
+
+            public void GetObjectData(SerializationInfo info, StreamingContext context)
+            {
+                info.AddValue(nameof(_myData), _myData);
+            }
+
+            public void AddFoo(string name, Foo myFoo)
+            {
+                _myData[name] = myFoo;
+            }
+        }
+
+        public class Foo
+        {
+            public Guid Id { get; }
+            public Foo MyFoo { get; set; }
+
+            public Foo(Foo myFoo)
+            {
+                MyFoo = myFoo;
+                Id = Guid.NewGuid();
+            }
+        }
+
+        private JsonSerializerSettings DeserializeSettings(int maxDepth) => new JsonSerializerSettings()
+        {
+            TypeNameHandling = TypeNameHandling.None,
+            MaxDepth = maxDepth
+        };
+
+        private JsonSerializerSettings SerializeSettings(int maxDepth) => new JsonSerializerSettings()
+        {
+            TypeNameHandling = TypeNameHandling.All,
+            MaxDepth = maxDepth
+        };
+    }
+}
+#endif
diff --git a/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalReader.cs b/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalReader.cs
index d43367cc3..72bc0cca2 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalReader.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalReader.cs
@@ -1804,6 +1804,7 @@ private object CreateISerializable(JsonReader reader, JsonISerializableContract
             JsonConverter? itemConverter = GetConverter(itemContract, null, contract, member);
 
             JsonReader tokenReader = token.CreateReader();
+            tokenReader.MaxDepth = Serializer.MaxDepth;
             tokenReader.ReadAndAssert(); // Move to first token
 
             object? result;

From fb38c6b286877046f5549571e2a36f0a5661003e Mon Sep 17 00:00:00 2001
From: James Newton-King <james@newtonking.com>
Date: Tue, 13 Sep 2022 07:47:31 +0800
Subject: [PATCH 2/2] Fix issue number

---
 Src/Newtonsoft.Json.Tests/Issues/{Issue2709.cs => Issue2735.cs} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename Src/Newtonsoft.Json.Tests/Issues/{Issue2709.cs => Issue2735.cs} (99%)

diff --git a/Src/Newtonsoft.Json.Tests/Issues/Issue2709.cs b/Src/Newtonsoft.Json.Tests/Issues/Issue2735.cs
similarity index 99%
rename from Src/Newtonsoft.Json.Tests/Issues/Issue2709.cs
rename to Src/Newtonsoft.Json.Tests/Issues/Issue2735.cs
index 63700b019..14a08b180 100644
--- a/Src/Newtonsoft.Json.Tests/Issues/Issue2709.cs
+++ b/Src/Newtonsoft.Json.Tests/Issues/Issue2735.cs
@@ -45,7 +45,7 @@
 namespace Newtonsoft.Json.Tests.Issues
 {
     [TestFixture]
-    public class Issue2709 : TestFixtureBase
+    public class Issue2735 : TestFixtureBase
     {
         [Test]
         public void Test()